|
Message-ID: <CABh=JRHqM=794BvrVtq6DwzugC3XfJNC-1q8irwX-SpY_2RteQ@mail.gmail.com>
Date: Thu, 10 Jan 2013 10:20:58 +0200
From: Milen Rangelov <gat3way@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: npdf2john
Thanks,
Looks like offline attack would not be possible for Android :( Unless there
is some way to get the mail address of course...
On Thu, Jan 10, 2013 at 4:11 AM, shane Shane
<shane@...twareontheside.info>wrote:
> You need root even when looking at the file system from eclipse or adb
> shell to get the local data but if you clear the local cache and then
> choose to store on sd card and login in again it will store on the sd card
> so you can grab the data. Here is some sample data from my droid, with a
> fake lastpass account.
> Email:test@...twareontheside.info
> Password:testtest
>
> http://ubuntuone.com/6aOO2QeuN5ZIDU8z0y3Oss
>
>
> On Wed, Jan 9, 2013 at 9:32 PM, shane Shane <shane@...twareontheside.info>wrote:
>
>> Yeah I think you can do it with developer mode enabled from eclipse. If
>> you go into the DDMS view in eclipse. I'll have a little look at it tonight.
>>
>> On Wed, Jan 9, 2013 at 6:58 PM, Milen Rangelov <gat3way@...il.com> wrote:
>>
>>> Thanks for those!
>>>
>>> I can now confirm that LastPass Chrome and Opera work the same way on
>>> Windows/Linux/OSX. I also tried to analyze Android's implementation, but
>>> apparently it does not keep profile data (just the encrypted XML file which
>>> contains URLs/passwords) on the SD card even if "store on SD card" option
>>> is enabled. Maybe that's a stupid question not asked on the right place,
>>> but does anyone know a way to access the Android phone's internal memory
>>> filesystem other than rooting it?
>>>
>>>
>>>
>>> On Fri, Jan 4, 2013 at 9:38 PM, Rich Rumble <richrumble@...il.com>wrote:
>>>
>>>> On Fri, Jan 4, 2013 at 10:21 AM, shane Shane
>>>> <shane@...twareontheside.info> wrote:
>>>> > I don't mind looking into the LastPass on windows. I'm usually a
>>>> Linux guy
>>>> > but I have a box I dual boot at home but I'll have to talk to my
>>>> supervisor
>>>> > for my 4th year project first. I want to help out with john's
>>>> development
>>>> > but I want to make sure I'm getting academic credit for it and at the
>>>> moment
>>>> > the scope of the project is only to do with distributed document
>>>> cracking.
>>>> I've added about 8 files (in one zip)for win32 Lastpass with a
>>>> Readme.txt further explaining what each file is, but the filenames
>>>> should be very clear on what they are.
>>>> http://openwall.info/wiki/john/sample-non-hashes#LastPass
>>>>
>>>> For example:
>>>> LP_win32_ff_500_password12345678.xml
>>>> Lastpass, windows, firefox, 500 iterations, password12345678. The
>>>> email/username if needed is also included in the readme.
>>>> I've also exported the sqlite 3 chrome files to plain-text SQL files
>>>> if that helps anyone.
>>>> -rich
>>>>
>>>
>>>
>>
>
Content of type "text/html" skipped
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.