Xanda's Blog !~!

In Response to Sunbelt’s Saving Login Details in Firefox Without Notification

Mar
03

Morning.. 🙂

You may have come across Sunbelt’s blog post today on “Saving login details in Firefox without notification“, where a password can be forced to be saved to Firefox (the password manager) without any notification to the user. Yeah, it’s bad. But what about the autocomplete=”off” on the form? 🙂

Here is my solution for that (sorry if I made things worse)

1) Open up nsLoginManager.js in the following directory (depending on your operating system)

  • Mac OS : /Applications/Firefox.app/Contents/MacOS/components/
  • Linux (in my case, Ubuntu) : /usr/lib/firefox-3.6.14/components/nsLoginManager.js  # <= where 3.6.14 is your Firefox version
  • Windows : C:\Program Files\Mozilla Firefox\components\

2) Look for this function : “_isAutocompleteDisabled : function (element)” and comment out the check in the function body, changing the following code

  _isAutocompleteDisabled : function (element) {
    if (element && element.hasAttribute("autocomplete") &&
        element.getAttribute("autocomplete").toLowerCase() == "off")
        return true;
    return false;
  },

into something like this:

  _isAutocompleteDisabled : function (element) {
    // if (element && element.hasAttribute("autocomplete") &&
    //     element.getAttribute("autocomplete").toLowerCase() == "off")
    //     return true;
    return false;
  },

3) Restart your Firefox and wallaaa! 🙂

P/S: you can simply uncomment the lines to revert, but remember that if you want to clear the saved passwords, you can do it from the Password Manager (Preferences > Security > Saved Passwords > Remove All)
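
To check whether a given copy of nsLoginManager.js still honours autocomplete="off", the text of _isAutocompleteDisabled can be inspected with comments stripped. This is an added example, not code from the original post or from Firefox; the helper names stripComments, functionBody and checkAutocompleteGuard are hypothetical, and the two sample inputs are the snippets shown in step 2.

```javascript
// Strip /* */ and // comments so a commented-out check does not count as live code.
// Simplification: "//" inside a string literal is also treated as a comment start.
function stripComments(src) {
  return src.replace(/\/\*[\s\S]*?\*\//g, "").replace(/\/\/[^\n]*/g, "");
}

// Return the text between the braces of `name : function (...) { ... }`, or null.
function functionBody(src, name) {
  const head = new RegExp(name + "\\s*:\\s*function\\s*\\([^)]*\\)\\s*\\{").exec(src);
  if (!head) return null;
  const start = head.index + head[0].length;
  let depth = 1;
  for (let i = start; i < src.length; i++) {
    if (src[i] === "{") depth++;
    else if (src[i] === "}" && --depth === 0) return src.slice(start, i);
  }
  return null; // unbalanced braces: truncated or damaged file
}

// "intact": live code still compares the attribute with "off" and returns true.
// "disabled": the function exists but that check is gone or commented out.
// "missing": the function was not found at all.
function checkAutocompleteGuard(src) {
  const body = functionBody(stripComments(src), "_isAutocompleteDisabled");
  if (body === null) return "missing";
  const readsAttr = /getAttribute\(\s*["']autocomplete["']\s*\)/.test(body);
  const comparesOff = /==\s*["']off["']/.test(body);
  const returnsTrue = /\breturn\s+true\b/.test(body);
  return readsAttr && comparesOff && returnsTrue ? "intact" : "disabled";
}

// Sample inputs: the two versions of the function shown in the post.
const ORIGINAL = `
  _isAutocompleteDisabled : function (element) {
    if (element && element.hasAttribute("autocomplete") &&
        element.getAttribute("autocomplete").toLowerCase() == "off")
        return true;
    return false;
  },`;
const MODIFIED = `
  _isAutocompleteDisabled : function (element) {
    // if (element && element.hasAttribute("autocomplete") &&
    //     element.getAttribute("autocomplete").toLowerCase() == "off")
    //     return true;
    return false;
  },`;

console.log(checkAutocompleteGuard(ORIGINAL)); // intact
console.log(checkAutocompleteGuard(MODIFIED)); // disabled
```

Pass it the contents of the file from step 1; a result other than "intact" on a copy you did not edit yourself means the file has been changed.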

Protected: I Knew Kevin Mitnick’s Password ;)

Jul
29


RainbowCrack 1.4 is released

Jul
23

This version focuses on a more effective rainbow table file format. New features:

  • New compact rainbow table file format (.rtc) reduces rainbow table size by 50% to 56.25%
  • New rt2rtc utility converts rainbow tables from raw file format (.rt) to compact file format (.rtc)
  • New rtc2rt utility converts rainbow tables from compact file format (.rtc) to raw file format (.rt)
  • The rcrack/rcrack_cuda programs support both the .rt and .rtc rainbow table file formats
  • Conversion from non-perfect to perfect rainbow tables is supported by the rt2rtc utility

Smaller rainbow tables significantly improve table lookup performance!

Introduction
RainbowCrack is a general purpose implementation of Philippe Oechslin’s faster time-memory trade-off technique. It cracks hashes with rainbow tables.

Features:

  • Full time-memory tradeoff tool suite, including rainbow table generation, sort, conversion and lookup
  • Supports rainbow tables of any hash algorithm
  • Supports rainbow tables of any charset
  • Supports rainbow tables in raw file format (.rt) and compact file format (.rtc)
  • Supports computation on multi-core processors
  • Supports computation on GPU (via NVIDIA CUDA technology) (not freely available)
  • Supports computation on multi-GPU (via NVIDIA CUDA technology) (not freely available)
  • Runs on Windows XP 32-bit and Windows Vista 32-bit
  • Command line user interface

A brute force hash cracker generates all possible plaintexts and computes the corresponding hashes on the fly, then compares the hashes with the target hash. The plaintext is found if one of them matches; otherwise the intermediate computation results are discarded.

A time-memory tradeoff hash cracker needs a precomputation stage, in which all plaintext/hash pairs within the selected hash algorithm, charset and plaintext length range are computed and the results are stored in files called rainbow tables. This kind of computation is time consuming. Once the one-time precomputation is finished, hashes within the table can be cracked with much better performance than with a brute force cracker.

Visit http://project-rainbowcrack.com/ for more information.
