
Tfn2k

Tfn2k asks for a password during the build, and that password is stored in the td and tfn binaries in a form intended to keep anyone from recovering it from them. I wrote a program that recovers the password anyway. It compiles and runs on Solaris and on Intel-based free Unix systems (I didn't test it elsewhere). It can extract the password from a Solaris, Linux, or FreeBSD td or tfn binary (probably others as well, but these are the ones I tested). In other words, you can extract the password from a Linux td binary on your Solaris 2.7 box.

Uses for this include:

Scenario #1 -

You are a hot cybersleuth, extracting the password as a part of a forensics effort. If the password matches some other forensic stuff (like the password of a suspected script kid, or the DES key that unlocks a cache of hacker tools in a tar file), you might catch that elusive cyberterrorist.

Scenario #2 -

You have discovered a cache of tfn2k binaries on your large network. By recovering the password, you can compile your own tfn and send each suspected system a command to be rexec'd, such as:

echo "0wned!! Clean me!!" | mail yourname@youraddress.com

Also, if you discover that one of those systems is flooding someone, you can use your new tfn binary to send the command that stops the flood.

Scenario #3 -

You are under attack and Zombie Zapper didn't help (ZZ only works against tfn, trinoo, and stacheldraht). Send this software to the sites attacking you and ask them to send you the password. Once you have it, compile your own tfn and start telling those zombies to leave you alone! Okay, this last one is a little far-fetched, and it won't work if the attack lasts only a couple of hours or if the source addresses are forged, but it is better than nothing.

Questions/comments/bugs to Simple Nomad (thegnome@razor.bindview.com)
