I mentioned in one of my old articles that Gtalk has a serious security issue, which has not been rectified till now. Using this flaw, one can log in to a friend's Gmail account without knowing their password.
Gtalk stores its account information in the Windows Registry, in text format. Everything in it except the password is unencrypted.
I wonder how Google considers this a safety measure. Though we cannot view the password directly in the Windows Registry, we can use the encrypted password to log in to Gtalk or Gmail without knowing the actual password.
Here is the step-by-step guide to get an encrypted password from another computer and use it to log in on your computer.
Note: You need access to the other computer to get the encrypted text; however, if you are good at programming, you can use your skills to make a bot that retrieves the encrypted passwords and mails them to your inbox. Also, you can only access their encrypted password if the user has chosen to remember his password at least once during sign-in.
In Friend's System
- Open the "Run" window; this can be done from the "Start" menu or by pressing "Windows Key + R".
- Type "regedit" and click "OK".
(Screenshot: Run window)
- This will open the Windows Registry Editor.
- Select the hive HKEY_CURRENT_USER.
- Then navigate to HKEY_CURRENT_USER -> Software -> Google -> Google Talk -> Accounts.
- This will list the accounts that person has logged in with on that computer.
- Open the account whose password you want to get; in my case I have selected rkdperil@gmail.com.
- In the right panel you can see the field "pw"; this contains the encrypted password of that Gmail account.
(Screenshot: Copy the string in the "pw" field)
- This encrypted password is independent of the computer used.
- So this password can be copied to some other computer and we can log in with it.
In Your System
- Open Gtalk; in the login form, type your friend's ID and some temporary password and select "Remember Password".
- Click the "Sign in" button; the login will fail.
- Now open your Windows Registry and go to the Gtalk account information folder (HKEY_CURRENT_USER -> Software -> Google -> Google Talk -> Accounts).
- Locate your friend's email ID there and select it. If you double-click the "pw" field you can see some random value.
- Replace it with the encrypted password you got from your friend's computer and paste it here.
- Download a Gtalk password recovery tool; there are lots of such tools available.
- Run the recovery program and it will successfully decrypt your friend's password.
- That's it. You are done.
Hope you make the most out of this before Google fixes this vulnerability.
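The flip side of the steps above is that anyone who has ticked "Remember Password" leaves a credential blob sitting in their own registry hive. As an added example that is not part of the original post, here is a PowerShell audit a user or administrator can run on their own machine: it enumerates the Google Talk accounts key named in the post, reports which accounts still have a remembered "pw" value (without ever printing the value itself), and can remove those values so there is nothing left to copy. The registry path and the "pw" value name come from the post; the function and parameter names are my own.

```powershell
# Added defensive example (not from the original post): find and clear
# remembered Google Talk credentials in the current user's registry hive.
# The key path and the "pw" value name are those described in the post.
function Get-GtalkRememberedAccounts {
    [CmdletBinding()]
    param(
        [string]$AccountsKey = 'HKCU:\Software\Google\Google Talk\Accounts'
    )
    if (-not (Test-Path -Path $AccountsKey)) {
        Write-Verbose "No Google Talk accounts key found at $AccountsKey"
        return @()
    }
    # Each subkey under Accounts is one account (normally an e-mail address).
    Get-ChildItem -Path $AccountsKey | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath
        # Report presence only; the stored credential blob is never echoed.
        [pscustomobject]@{
            Account     = $_.PSChildName
            HasStoredPw = [bool]($props.PSObject.Properties.Name -contains 'pw')
            KeyPath     = $_.PSPath
        }
    }
}

function Clear-GtalkRememberedPasswords {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$AccountsKey = 'HKCU:\Software\Google\Google Talk\Accounts'
    )
    $found = Get-GtalkRememberedAccounts -AccountsKey $AccountsKey |
        Where-Object { $_.HasStoredPw }
    foreach ($acct in $found) {
        # -WhatIf / -Confirm are honoured through ShouldProcess.
        if ($PSCmdlet.ShouldProcess($acct.Account, 'Remove stored "pw" value')) {
            Remove-ItemProperty -Path $acct.KeyPath -Name 'pw' -ErrorAction Stop
            Write-Output "Cleared remembered password for $($acct.Account)"
        }
    }
    if (-not $found) { Write-Output 'No remembered Google Talk passwords found.' }
}

# Usage: list accounts first, preview the removal, then clear for real.
#   Get-GtalkRememberedAccounts | Format-Table
#   Clear-GtalkRememberedPasswords -WhatIf
#   Clear-GtalkRememberedPasswords
```

Because the blob is tied to the account rather than the machine, clearing it locally only removes the copy on this computer; the stored value is also recreated the next time someone signs in with "Remember Password" ticked, so the durable fix is to leave that box unchecked on any shared machine.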
1 comment:
i really the post of your blog and this is really nice.