ScreenSaver Password decoder

Display the password defined for the screensaver on Win95

Retrieve the screen saver password.
Asyou can see, there is a big security hole in Windows 95/98, this prog will display the password decrypted from the registry.
Used with Net possibilities of WSH, an admin could retrieve all users passwords.
Imagine a virus collecting all password and sending them to an e-mail account over the net with the ole automation possibilities ofoutlook 98.

File Name : sspassword.vbs
Requirement : Win95
Author : Jean-Luc Antoine
Submitted : 01/09/2001
Category : Other
'~~Script~~., that is for educational purpose only : not all chars can be
'decrypted with this script and the source is not optimised. I've done a
'better one that will not be published.

'~~Script~~.

Dim a,b, c,x,s, mp, source,WshShell
Set WshShell = Wscript.CreateObject("Wscript.Shell")
a=WSHShell.RegRead("HKCU\Control Panel\desktop\ScreenSaveUsePassword")
If a = 0 Then MsgBox "Password not activated" : WScript.Quit(1)
a = WSHShell.RegRead("HKCU\Control Panel\desktop\ScreenSave_Data")

c="A303941463337354332363238453035413342434430364239313544344436"
c=c & "B304141433334354632353242453335393338434530354241313644374435"
c=c & "C304241443335354532343241453235383339434630344242313744364434"
c=c & "D304341413332353932333244453535463345433830334243313044314433"
c=c & "E304441423333353832323243453435453346433930324244313144304432"
c=c & "F304541383330354232313246453735443343434130314245313544334431"
c=c & "G304641393331354132303245453635433344434230304246313344324430"
c=c & "H303041363345353532463231453935333332433430464230314344444446"
c=c & "I303141373346353432453230453835323333433530454231314444434445"
c=c & "J303241343343353732443233454235313330433630444232314544464444"
c=c & "K303341353344353632433232454135303331433730434233314644454443"
c=c & "L303441323341353132423235454435373336433030424234313844394442"
c=c & "M303541333342353032413234454335363337433130414235313944384441"
c=c & "N303641303338353332393237454635353334433230394236314144424439"
c=c & "O303741313339353232383236454535343335433330384237314244414438"
c=c & "P313842453236344433373339463134423241444331374138303443354337"
c=c & "Q313942463237344333363338463034413242444431364139303543344336"
c=c & "R314142433234344633353342463334393238444531354141303643374335"
c=c & "S314242443235344533343341463234383239444631344142303743364334"
c=c & "T314342413232343933333344463534463245443831334143303043314333"
c=c & "U314442423233343833323343463434453246443931324144303143304332"
c=c & "V314542383230344233313346463734443243444131314145303243334331"
c=c & "W314642393231344133303345463634433244444231304146303343324330"
c=c & "X313042363245343533463331463934333232443431464130304343444346"
c=c & "Y313142373246343433453330463834323233443531454131304443434345"
c=c & "Z313242343243343733443333464234313230443631444132304543464344"
c=c & "Æ384532384230444241314146363744444243344138313345393235333531"
c=c & "Ø393033364145433542464231373943334132353439463230384334443446"
c=c & "Å384432424233443841324143363444454246343938323344393135303532"
c=c & "é383132374246443441454130363844324233343538453331394435433545"
c=c & "²464135434334414644354442313341394338334546353441453632373235"
c=c & chr(34) & "364143433534334634353442383333393538414536354441373642374235"
c=c & "'364643393531334134303445383633433544414236304446373342324230"
c=c & "&364543383530334234313446383733443543414136314445373242334231"
c=c & " 363843453536334434373439383133423541414336374438373442354237"
c=c & "0373844453436324435373539393132423441424337374338363441354137"
c=c & "1373944463437324335363538393032413442424437364339363541344136"
c=c & "2374144433434324635353542393332393438424537354341363641374135"
c=c & "3374244443435324535343541393232383439424637344342363741364134"
c=c & "4374344413432323935333544393532463445423837334343363041314133"
c=c & "5374444423433323835323543393432453446423937324344363141304132"
c=c & "6374544383430324235313546393732443443424137314345363241334131"
c=c & "7374644393431324135303545393632433444424237304346363341324130"
c=c & "8373044363445323535463531393932333432423437464330364341444146"
c=c & "9373144373446323435453530393832323433423537454331364441434145"

source=""
x = 0
while a(x) <> 0
  source = source & Chr(a(x))
  x = x + 1
wend

s = ""
For b = 0 To (len(c)/61)-1
    s = s & Mid(c,1+b*61,1)
    For x = 1 To 30
     s = s & Chr((Asc(Mid(c,x*2+b*61,1))-48)*16+Asc(Mid(c,x*2+1+b*61,1))-48)
    Next
Next

mp=""
for a = 1 to (len(source)/2)
  for b=0 to (len(c)/61)-1
    if mid(s,b*31+a*2,2)=mid(source,a*2-1,2) then mp=mp & mid(s,b*31+1,1)
  next
  if len(mp)<>a then mp=mp & "?"
next
msgbox "The Screen saver's password is : " & mp
Server Info
Remote Info
Compress

Batchs
BootSector
Droit
Accessoire GFA
On Now
Ecran plasma
Système d'exploitation
Son
Unités
Scripting
Multilingue
Site Web
Bruit et son
Architecture Google


4K
Color picker
TaskList
Backup files
Mini Port Scanner
Website To CHM
PixyDemo
Web password recovery
4KWebServer
Kill Popup
VBE decoder
Script Optimizer
Database Password Recovery
Class
Ini
EMail validator
Graphical Class
MP3 Info
Pinger Class
IP ranger class
SoftwareMetering
Path Validator
Time Stamper Class
LoggerCLS
HTA
Keyword Ranking
DOM Explorer
HTA-Notepad
PixyPortManager
Other
flashMessage
Kill Popup
VBE decoder (fixed)
Error Codes
Maze generator
Char counter
HTML To Word
ICQ Choose User
ScreenSaver Password decoder
Mp3Playlister - singleList
Long Filename To Short
Trace Math
Dump Hexa File
Self modifying script
Mp3Playlister - multiList
HTANoid
PixyWebServer
Python
Progress indication

©2002 Jean-Luc Antoine. All Rights Reserved. Scripts or any other material on this website may not be redistributed or put as part of ANY collection (script archives, CDs etc) without prior written permission. Permission granted to use and modify any of the scripts found on InterClasse.com