Date: Thu, 10 Jan 2013 10:20:58 +0200 From: Milen Rangelov <gat3way@...il.com> To: john-dev@...ts.openwall.com Subject: Re: npdf2john Thanks, Looks like offline attack would not be possible for Android :( Unless there is some way to get the mail address of course... On Thu, Jan 10, 2013 at 4:11 AM, shane Shane <shane@...twareontheside.info>wrote: > You need root even when looking at the file system from eclipse or adb > shell to get the local data but if you clear the local cache and then > choose to store on sd card and login in again it will store on the sd card > so you can grab the data. Here is some sample data from my droid, with a > fake lastpass account. > Email:test@...twareontheside.info > Password:testtest > > http://ubuntuone.com/6aOO2QeuN5ZIDU8z0y3Oss > > > On Wed, Jan 9, 2013 at 9:32 PM, shane Shane <shane@...twareontheside.info>wrote: > >> Yeah I think you can do it with developer mode enabled from eclipse. If >> you go into the DDMS view in eclipse. I'll have a little look at it tonight. >> >> On Wed, Jan 9, 2013 at 6:58 PM, Milen Rangelov <gat3way@...il.com> wrote: >> >>> Thanks for those! >>> >>> I can now confirm that LastPass Chrome and Opera work the same way on >>> Windows/Linux/OSX. I also tried to analyze Android's implementation, but >>> apparently it does not keep profile data (just the encrypted XML file which >>> contains URLs/passwords) on the SD card even if "store on SD card" option >>> is enabled. Maybe that's a stupid question not asked on the right place, >>> but does anyone know a way to access the Android phone's internal memory >>> filesystem other than rooting it? >>> >>> >>> >>> On Fri, Jan 4, 2013 at 9:38 PM, Rich Rumble <richrumble@...il.com>wrote: >>> >>>> On Fri, Jan 4, 2013 at 10:21 AM, shane Shane >>>> <shane@...twareontheside.info> wrote: >>>> > I don't mind looking into the LastPass on windows. I'm usually a >>>> Linux guy >>>> > but I have a box I dual boot at home but I'll have to talk to my >>>> supervisor >>>> > for my 4th year project first. I want to help out with john's >>>> development >>>> > but I want to make sure I'm getting academic credit for it and at the >>>> moment >>>> > the scope of the project is only to do with distributed document >>>> cracking. >>>> I've added about 8 files (in one zip)for win32 Lastpass with a >>>> Readme.txt further explaining what each file is, but the filenames >>>> should be very clear on what they are. >>>> http://openwall.info/wiki/john/sample-non-hashes#LastPass >>>> >>>> For example: >>>> LP_win32_ff_500_password12345678.xml >>>> Lastpass, windows, firefox, 500 iterations, password12345678. The >>>> email/username if needed is also included in the readme. >>>> I've also exported the sqlite 3 chrome files to plain-text SQL files >>>> if that helps anyone. >>>> -rich >>>> >>> >>> >> > Content of type "text/html" skipped
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.