Sign in to follow this  
Followers 0
ACS

StarDestroyer

22 posts in this topic

#1 ·  Posted (edited)

Hey all,

Here's my first (of what I hope will be several) contribution to these forums. My first major script, StarDestroyer.

This script will reveal the password hidden behind those pesky asterisks. Hence, it "destroys" the purpose of the "stars". :(

Yes I know that Windows XP uses little black dots instead of asterisks these days, but "DotDestroyer" sounds lame, and I had to use the Star Wars reference. :)

I was inspired to write this program after finding several similar programs on the Internet, mostly commercial ones that cost around $20.

There's a nice free one, Password Revealer, but this program only works on standard Windows EDIT controls. It doesn't work with IE windows or other non-standard controls.

StarDestroyer features the following:

- Reveal the password behind any standard password field

- Retrieve passworded fields from any Internet Explorer form

- Option to retrieve text from ANY field, in the case of some non-standard password fields (such as those in Excel)

I plan to update the program with the following features:

- Eliminate the need for StarDestroyer to be the active window for it to work (like Au3Info.) Currently the program must have focus in order for it to retrieve passwords.

- Retrieve passwords from IE windows with frames. Currently StarDestroyer does not support pages with frames, and does some funny stuff.

- Ability to "freeze" the log display. Currently the log will keep scrolling as new entries are added unless focus is lost to another application.

- Other features that anyone else may find useful

The archive includes the program source, the changelog (which also contains complete details) and a nifty little icon. :♠D

Let me know what you think!

Latest version: 1.0

[EDIT: Downloaded link deleted as per Post #12.]

Edited by ACS

Share this post


Link to post
Share on other sites



wow this is nice script :)


When the words fail... music speaks

Share this post


Link to post
Share on other sites

I have tried this in my Outlook Express and it did not reveal the password only ""



Get Beta versions Here Get latest SciTE editor Here AutoIt 1-2-3 by Valuater - A great starting point.

Time you enjoyed wasting is not wasted time ......T.S. Elliot
Suspense is worse than disappointment................Robert Burns
God help the man who won't help himself, because no-one else will...........My Grandmother

Share this post


Link to post
Share on other sites

#4 ·  Posted (edited)

thanx

this is very usefull for me

@bigdog this is only Internet Explore

Edited by UQOII

[center]uqoii.nl[/center]

Share this post


Link to post
Share on other sites

This is way cool! Can I suggest adding a drag icon line Snadboy's Revelation? Theirs uses a dll and is caught in Norton's now as a hacker tool. :) Would be great to have one made in all autoit. Thanks for sharing..

Share this post


Link to post
Share on other sites

Awsome.. Works realy well here! Maybe try to make a transparent gui sort off, and that the user has to drag that over the password field.

And the stars become letters!

Share this post


Link to post
Share on other sites

i know this is probably a strange post, but me and a friend have been trying to make an anti key logging system, and found the only way to do so is by controlsettext (or the function that sets the text of the edit) i like how you can move over an edit to view its info, i was wondering if you could explain to me how you get the controls info, like i want to know how you get the window name + control id every time you move over a control.


Admin Of:http://notmyspace.info [Under Development, looking for volunteers to help improve]http://PSNetCards.co.ukhttp://ZacnAndLindsey.com [Under development, not quite sure what to do with it yet]http://revelm.com------------------------------------Radio Streams:http://75.185.53.88:8000 [128kb/s 44kHz]http://75.185.53.88:8002 [22kb/s 22kHz](works on mobile phones)-----------------------------------My Server:Owned By: http://jumpline.comIP:66.84.19.220Bandwidth:200GBStorage Space:1TBNetwork Connection: 1GB/S[up and down]Operating System: Red Hat LinuxInstalled Apps:Webmail, phpBB, Majordomo, phpMyAdmin, MySQL, Active Server Pages, FrontPage Extensions 2002, GraphicsMagick, Mod Perl, Perl, PHP: Hypertext Preprocessor, Python(want cheap good webhosting, or need a place to park your domain? contact me)-----------------------------------

Share this post


Link to post
Share on other sites

Thanks for your replies everyone!

I have tried this in my Outlook Express and it did not reveal the password only ""

Hmm, that is indeed strange. I tried different methods but still came up with the same result.

Even Au3Info can't get the text of this control, although it does report the control class as the standard Windows "Edit" control.

It appears MS was smart about this one and subclassed the control to make it reject any outside attempts at obtaining its text.

I'll keep hacking away at it though, and hopefully I can come up with something.

This doesn't work for when you are asked to enter a username and password in Mozilla Firefox.

I explicitly state in the changelog this program only works for Internet Explorer windows and not any other browser. This is just the nature of the beast.

This is way cool! Can I suggest adding a drag icon line Snadboy's Revelation? Theirs uses a dll and is caught in Norton's now as a hacker tool. :) Would be great to have one made in all autoit. Thanks for sharing..

I'm not sure I understand the point of the target icon vs what I'm doing now (just hovering the mouse.) Is it just to have more control over what text to retrieve?

Incidentally, Snadboy's Revelation IS able to retrieve the password from Outlook Express, so there IS a way to do it...

Awsome.. Works realy well here! Maybe try to make a transparent gui sort off, and that the user has to drag that over the password field.

And the stars become letters!

Actually I thought about changing the stars into letters (which of course would only work for Windows controls and not web forms.) I think I'll implement this after all, so StarDestroyer can really live up to its name. :(

Works with forms in IE fine, but I've had no luck unmasking anything else.

How come? What happens when you try to unmask? Where did you try?

i know this is probably a strange post, but me and a friend have been trying to make an anti key logging system, and found the only way to do so is by controlsettext (or the function that sets the text of the edit) i like how you can move over an edit to view its info, i was wondering if you could explain to me how you get the controls info, like i want to know how you get the window name + control id every time you move over a control.

Just check out the source code, it's all in there.

First I get the absolute position of the mouse cursor. Then I use the WinAPI function "WindowFromPoint" and pass to it the position of the mouse cursor. This function returns the hwnd of the window at a particular point (in this case the mouse cursor) and just take it from there.

Share this post


Link to post
Share on other sites

nice program.


code

Share this post


Link to post
Share on other sites

Well it appears there's a huge flaw in program-- that being that it doesn't really do what it's supposed to do. :)

This is due to my lack of understanding of the problem, but also my lack of thorough testing.

So this project is on hold while I rewrite it to... well, work. :(

Share this post


Link to post
Share on other sites

Well it appears there's a huge flaw in program-- that being that it doesn't really do what it's supposed to do. :)

This is due to my lack of understanding of the problem, but also my lack of thorough testing.

So this project is on hold while I rewrite it to... well, work. :(

And the flaw is... :D

Share this post


Link to post
Share on other sites

Far as I have tested it it works on ie stuff, just like you said! Still, I patiently await your rewrite to check it out too.

Share this post


Link to post
Share on other sites

And the flaw is... :)

The program doesn't properly retrieve text from passworded fields.

A few may work but the majority don't/won't.

Share this post


Link to post
Share on other sites

that's the whole point of having password fields ....

1. not being able to see the text

2. not being able to retrieve the text

3. not being able to hook keys(i tried before to hook some keys and write into a password field and it didn't work)


Only two things are infinite, the universe and human stupidity, and i'm not sure about the former -Alber EinsteinPractice makes perfect! but nobody's perfect so why practice at all?http://forum.ambrozie.ro

Share this post


Link to post
Share on other sites

that's the whole point of having password fields ....

1. not being able to see the text

2. not being able to retrieve the text

3. not being able to hook keys(i tried before to hook some keys and write into a password field and it didn't work)

And that's the point of THIS program. The ability to retrieve the text from those unretrievable fields.

Of course I'm not condoning malicious intent. To be honest one of the reasons I wrote this is because many times I will not have the passwords to certain programs/websites and even though it's right in front of me, it's frustrating not being able to see it. :)

Share this post


Link to post
Share on other sites

#18 ·  Posted (edited)

I'm not sure what you're doing since you removed your script - but if it helps I remember one free tool revealing passwords by using the Kernel, Shell and SetParent API in conjunction with length-testing some other API's return values.

I know that's vague but that's all I remember - the program I used worked great - using the information I tried to mimic it in AutoIt at one point and failed...

EDIT !!!

the original app was called Password Spy++

worked on Edits and IE controls.

the sourcecode is downloadable

Edited by crashdemons

My Projects - WindowDarken (Darken except the active window) Yahsmosis Chat Client (Discontinued) StarShooter Game (Red alert! All hands to battlestations!) YMSG Protocol Support (Discontinued) Circular Keyboard and OSK example. (aka Iris KB) Target Screensaver Drive Toolbar Thingy Rollup Pro (Minimize-to-Titlebar & More!) 2D Launcher physics example Ascii Screenshot AutoIt3 Quine Example ("Is a Quine" is a Quine.) USB Lock (Another system keydrive - with a toast.)

Share this post


Link to post
Share on other sites

And that's the point of THIS program. The ability to retrieve the text from those unretrievable fields.

Of course I'm not condoning malicious intent. To be honest one of the reasons I wrote this is because many times I will not have the passwords to certain programs/websites and even though it's right in front of me, it's frustrating not being able to see it. :)

yes.. i'm sry i was a sleepy and didn't finish my post completly

what i meant was ... that if it would be simple to read under the * then.... there wouldn't really be any need for them :((except for the seeing part :D)


Only two things are infinite, the universe and human stupidity, and i'm not sure about the former -Alber EinsteinPractice makes perfect! but nobody's perfect so why practice at all?http://forum.ambrozie.ro

Share this post


Link to post
Share on other sites

how is the update for this program going?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0