XR3X
Clicky

Jump to content


Photo
APP

MozillaRecovery - retrieve master passwords of Firefox and Thunderbird

firefox

  • You cannot start a new topic
  • Please log in to reply
3 replies to this topic

#1 Deque

Deque

    Beginner

  • Members
  • Reputation: 12
    Fair
  • 11 posts
Contributor

Posted 26 September 2013 - 09:50 AM

MozillaRecovery

Requirements: Java 7

zh38p8b4.png

About the program

Once you start the program, it searches automatically for default locations of your key3.db in Firefox and, if not found, in the Thunderbird application directory. I prepared and tested this for Windows 7 and Linux. If it is not working for your OS, please tell me the default location for it. I just need the information to put that in. You can change the location by hand, of course.

key3.db is the file that is used to recover the master password. You can start a wordlist attack on that. The program ships with a default worldlist, but it is small (I didn't want to upload a wordlist file that adds several megabytes to the program). You can use your own list by changing the location.

Alternatively you can generate the words by activating the "generate words" checkbox. Although I used threads, word generation is limited to a word length of five (a bruteforce attack with a wordlength of six would take several days, so I don't allow that) and the alphabet a-zA-Z by now. I got about 30000 password tests per second on my machine.

Once you got the master password, it is very easy to obtain saved login information from signons.sqlite, since both, Thunderbird and Firefox, will show usernames and passwords in plain text. (google if you don't know how)

Conclusion: Always set a master password if you save login information with Thunderbird or Firefox. Otherwise the login information can be obtained without any problems.

About the Source

The only (non-standard) library I used is apache.log4j for logging purposes. You will see a properties file and a log folder. The standard logging level is WARN. If you change this level to INFO or DEBUG, the master passwords found with the program will be saved in there, so be careful with that option.

LOC: 914

The code was tested for: Firefox 9.01 Thunderbird 9.01, Windows XP, Vista, 7, Arch Linux

Problems?

Please make sure that you have Java 7.
If there are still problems, post the logging file that is in the logs folder.

Source:

Please Login or Register to see this Hidden Content


Program: attached

Attached Files



#2 x_h0rr0r_x

x_h0rr0r_x

    Advanced Member

  • Guru
  • Reputation: 197
    Very Good
  • 374 posts
Contributor

Posted 26 September 2013 - 11:28 PM

Nice Share... +rep

Future GURU?


                                                           


#3 Deque

Deque

    Beginner

  • Members
  • Reputation: 12
    Fair
  • 11 posts
Contributor

Posted 27 September 2013 - 06:05 AM

Thanks, x_h0rr0r_x.
What is a GURU?
I see that you are one, but what is the requirement?

#4 x_h0rr0r_x

x_h0rr0r_x

    Advanced Member

  • Guru
  • Reputation: 197
    Very Good
  • 374 posts
Contributor

Posted 27 September 2013 - 07:53 AM

It's all about contributing..Just a spot where certain things are shared behind closed doors..


                                                           






Also tagged with one or more of these keywords: app, firefox