QTP Hackers - How to decrypt encrypted (SetSecure'd) password


Upload: api-19840982

Post on 16-Nov-2014


I will explain how to decode an encoded password in QTP. Using QuickTest Professional and this approach, you can hack email accounts published on the Internet. Are you interested? :) So, continue reading this QTP tutorial for details.

I've just recorded a simple script, which signs into Gmail. It:
1. Fills 'Username' in
2. Fills 'Password' in
3. Clicks 'Sign in' button

And the recorded QTP script is:

    Browser("Gmail").Page("Gmail").WebEdit("Email").Set "someaccount"
    Browser("Gmail").Page("Gmail").WebEdit("Passwd").SetSecure "493844a99bee0e3ab952f2e867fd08e3"
    Browser("Gmail").Page("Gmail").WebButton("Sign in").Click

As you can see, the QTP script is simple enough. I've set "someaccount" to the 'Username' edit box. But what about the 'Password' edit box? What value have I filled in?

QTP encrypted the password using the SetSecure method:

    WebEdit("Passwd").SetSecure "493844a99bee0e3ab952f2e867fd08e3"

QTP Help: The SetSecure method is recorded when a password or other secure text is entered. The text is encrypted while recording and decrypted during the test run.

How to know the initial text?

There is one trick. Apply the SetSecure method to a non-secured edit box!

Instead of this QTP code:

    Browser("Gmail").Page("Gmail").WebEdit("Email").Set "someaccount"
    Browser("Gmail").Page("Gmail").WebEdit("Passwd").SetSecure "493844a99bee0e3ab952f2e867fd08e3"

I run this QTP script:

    Browser("Gmail").Page("Gmail").WebEdit("Email").SetSecure "493844a99bee0e3ab952f2e867fd08e3"

And the result of this QTP script is:

Yes, "mypwd" was encrypted to "493844a99bee0e3ab952f2e867fd08e3". So, "mypwd" is the password I filled in!

So, this is an easy way to decrypt an encrypted password in QTP.

By the way, there are two ways to encrypt a password in QuickTest Professional:

1. Using Crypt.Encrypt

    str = "Some Text"
    encrStr = Crypt.Encrypt(str)

'encrStr' will contain an encrypted text.

2. Using Password Encoder from 'Start/Programs/QuickTest Professional/Tools'

Summary:
- I explained two ways to encrypt text in QTP
- I showed an approach to decrypt an encrypted text

Well, I promised to show how to hack email addresses... I remember!

I searched several QTP sites and forums for the "SetSecure" function and found that some QTP engineers published their code snippets with encrypted passwords (for example, for signing in to email accounts) :)

Now you know how to "read" (=steal) passwords in plain text.
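Because a SetSecure value can be read back by anyone with QTP, a script carrying one as a literal is best treated like a script carrying the plain password. The following is an added example, not part of the original post: a small Python check that flags hard-coded SetSecure literals in script text before a script is shared (the function names and the sample script are constructed for illustration).

```python
import re

# Matches .SetSecure "literal" or .SetSecure("literal"); VBScript is
# case-insensitive, and a doubled quote ("") escapes a quote in a literal.
SETSECURE_RE = re.compile(r'\.SetSecure\s*\(?\s*"((?:[^"]|"")*)"', re.IGNORECASE)


def strip_comment(line):
    """Drop a trailing VBScript ' comment, ignoring apostrophes inside strings."""
    in_string = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_string = not in_string
        elif ch == "'" and not in_string:
            return line[:i]
    return line


def find_setsecure_literals(script_text):
    """Return (line_number, object_path, masked_value) for each hard-coded SetSecure."""
    findings = []
    for number, raw in enumerate(script_text.splitlines(), start=1):
        line = strip_comment(raw)
        if line.lstrip().lower().startswith("rem "):
            continue
        for match in SETSECURE_RE.finditer(line):
            value = match.group(1)
            target = line[:match.start()].strip()
            # Mask the value so the report itself does not leak the secret.
            masked = value[:4] + "*" * max(len(value) - 4, 0)
            findings.append((number, target, masked))
    return findings


# Constructed sample, modelled on the recorded script in the post.
SAMPLE = '''Browser("Gmail").Page("Gmail").WebEdit("Email").Set "someaccount"
Browser("Gmail").Page("Gmail").WebEdit("Passwd").SetSecure "493844a99bee0e3ab952f2e867fd08e3"
' old: WebEdit("Passwd").SetSecure "deadbeef"
Browser("Gmail").Page("Gmail").WebEdit("Passwd").SetSecure DataTable("pwd", dtGlobalSheet)
Browser("Gmail").Page("Gmail").WebButton("Sign in").Click
'''

if __name__ == "__main__":
    for number, target, masked in find_setsecure_literals(SAMPLE):
        print(f"line {number}: {target} -> SetSecure literal {masked}")
```

Any password whose encoded form is flagged in an already published script should be changed, since removing the line afterwards does not undo the exposure.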