Posted On: December 2012 - Pentest Geek


Recover Spark IM Stored Passwords with Metasploit

2012/12/26 - By 

Metasploit Module [1]

I recently added a post exploit module to the Metasploit Framework. The module will extract and decrypt passwords that are stored by the Spark Instant Messenger client. The passwords are stored in a file on the local HDD (spark.properties) using Triple DES encryption. This sounds all fine and dandy, but it all goes out the door when they hardcoded the key and made it publicly documented.

The vulnerability isn’t that new, since it was documented by Adam Caudill back in July 2012 when he disclosed the details and PoC code in .NET that illustrates how the attack can be completed. Mubix recently submitted a request to add this post exploit module into the framework. Well, SmilingRacoon and I decided to answer the call and work up a module to accomplish this task.
