Wang Products

FAQ Article: Decrypting CuteFTP passwords

CuteFTP is a popular FTP (File Transfer Protocol) client. FTP servers are used to upload files to and download files from a remote machine; the most common use of FTP is uploading files to a web site. If your web space supports FTP transfers, you can use a free program like CuteFTP to manage your web site from within Windows.

CuteFTP has a 'site manager' feature. The manager lets you enter all the details needed to connect to your FTP servers, so that you can connect to any of them by just clicking its name. Most conveniently, it also stores your username and password so that you do not need to enter them every time you connect. Once you enter the details for your servers, the information is saved in a file in the CuteFTP directory called "SmData.dat".

All your servers' connection information is kept in this file, along with your username and password. The username is stored in plaintext and the password is obscured with a simple character substitution. It is therefore easy for a hacker who gets hold of the SmData.dat file to decrypt the passwords, which leaves him with full access to all of the victim's servers (which are likely to be the victim's web sites).

The reason I am explaining this to you is so you know what to look for if you gain access to your target's computer via whatever techniques you use (physical access, trojans, system vulnerabilities etc.). The Smdata.dat file is very small, but if you have it you gain a lot of information.

Here is how the encryption scheme of the Smdata.dat file works, and how to decrypt it:

Open up the Smdata.dat file in a text editor. Near the end of the file, the user records are stored.

The following is an example of such records taken from an Smdata.dat (control characters are shown in caret notation, e.g. ^D, ^H, ^B):

$^?^DWebsite.ftp.mywebsite.com^Dwebmaster^H©?«^?^?^??º ^B ^? ^U ^B
^?^?^?^?^B ^B ^B ^B ^B ^A
^B $^?^DWork.www.mywork.com^Danonymous^H¸©»»¿§?¬^Yinnitial remote directory^Qinitial
directory comments^B ^? ! ?^Cd ªzY^A^B ^B ^B ^B ^B ^Vlocal directory filter^[
remotee directory filteeeer^A
^B

The $ sign at the beginning marks the start of a new record; it is followed by a number of fields, each delimited by a different ASCII control character. The records use the following format:

$^?^Drecord name.ip address^Dusername^Hencrypted password^B ^?

So this means that the first record in the example above contains this information:

RECORD NAME = Website
IP ADDRESS = ftp.mywebsite.com
USERNAME = webmaster
PASSWORD = ©?«^?^?^??º

Notice that the fields after this are left blank, so CuteFTP uses its default values for them. Now to decrypt the password.

The example above used the password "abcABC>?". From this you can see that a=©, b=? and so on. So we now know that the scheme is a simple character replacement, and all that remains is to find out what every letter, digit and symbol is replaced with, so that we can build a decryption table (or write a program to do the decryption work for us). To do that, we need to get CuteFTP to encrypt the following string:

ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890!@#$%^&*()`~-=\[]';,./_+|{}:"<>?

Now if you look in the Smdata.dat file and find the encrypted version of the above string, you will have all the information you need to decrypt anyone's Smdata.dat!
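The following Python script is an added example, not part of the original article, and it shows why the scheme above is equivalent to storing passwords in plaintext: one known password recovers part of the table, and one probe string containing every printable character recovers all of it. The substitution table in the script is constructed for illustration only; it is not CuteFTP's real table, which the article does not reproduce.

```python
import string

# Every character the probe string in the article covers (constructed set).
PRINTABLE = string.ascii_letters + string.digits + string.punctuation


def make_demo_table() -> dict[str, str]:
    """CONSTRUCTED stand-in for a vendor substitution table: each printable
    character maps to a distinct byte in the 0x80-0xFF range, like the dump."""
    return {ch: chr(0x80 + i) for i, ch in enumerate(PRINTABLE)}


DEMO_TABLE = make_demo_table()


def substitute(plaintext: str, table: dict[str, str]) -> str:
    """Simulated 'encryption': a fixed per-character lookup, no key at all."""
    return "".join(table[c] for c in plaintext)


def recover_table(known_plain: str, observed_cipher: str) -> dict[str, str]:
    """Known-plaintext recovery: pair each plaintext character with the cipher
    character it produced. A contradiction means this is not a plain
    substitution, so fail loudly rather than return a wrong table."""
    if len(known_plain) != len(observed_cipher):
        raise ValueError("substitution preserves length; lengths differ")
    cipher_to_plain: dict[str, str] = {}
    for p, c in zip(known_plain, observed_cipher):
        if cipher_to_plain.setdefault(c, p) != p:
            raise ValueError(f"cipher byte {c!r} maps to two plaintexts")
    return cipher_to_plain


def decrypt(cipher: str, cipher_to_plain: dict[str, str], unknown: str = "?") -> str:
    """Apply a recovered table; bytes the probe never covered are marked,
    not guessed."""
    return "".join(cipher_to_plain.get(c, unknown) for c in cipher)


if __name__ == "__main__":
    # Step 1: the article's first record used the password "abcABC>?".
    partial = recover_table("abcABC>?", substitute("abcABC>?", DEMO_TABLE))
    # Step 2: store the full probe string once and read it back.
    full = recover_table(PRINTABLE, substitute(PRINTABLE, DEMO_TABLE))
    other = substitute("S3cret!Pass", DEMO_TABLE)  # some other stored password
    print("partial table:", decrypt(other, partial))  # mostly '?'
    print("full table:   ", decrypt(other, full))     # S3cret!Pass
```

The defender's takeaway is that a reversible, keyless mapping offers no confidentiality: anyone who can read the file can read every password in it.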