I have quoted in one of my old article ( http://www.bytechip.com/?p=241 ) that gtalk has a serious security issue, which has not been rectified till now. Using this flaw we can login into a friends’ gmail account without knowing their password.
Gtalk stores its account information in the Windows Registry, that too in text format. Everything in it except the password in unencrypted.
I wonder how Google considers this as a safety measure. Though we cannot view the password directly from Windows registry, we can use the encrypted password to login to gtalk or gmail, even without knowing the actual password.
Here is the step by step guide to get an encrypted password from another computer and use it to login in your computer.
Note: You need to have access to the other computer to get the encrypted text, however if you are good in programming, you can use your skills in making a bot which can retrieve the encrypted passwords and mail to your inbox. Also you can access their encrypted password, if the user has chosen to remember his password atleast once during sign in.
In friend’s System
- Open “Run” windows, this can be done by clicking on “Start menu” or pressing “Window Key + R”.
- Type “regedit” and Click on “OK”
Run window
- This will open the Windows Registry Editor.
- Select the Hive HKEY_CURRENT_USER.
- Then under that select HKEY_CURRENT_USER -> Software -> Google -> Google Talk -> Accounts
- This will list the accounts he that person the logged in with his computer.
- Open the account you want to get password, in my case I have selected rkdperil@gmail.com
- In the right panel you can see the Field “pw” , this contains the encrypted password of that gmail account.
Copy the string in "pw" field
- This encrypted password is independent of the computer used.
- So this password can be copied to some other computer and we can login through this.
In Your System
- Open Gtalk, in the login form , type your friend’s id and some temporary password and select “ Remember Password“
- Click on Sign in button, the login will fail.
- Now open your Windows Registry and goto the gtalk account information folder (HKEY_CURRENT_USER -> Software -> Google -> Google Talk -> Accounts)
- Locate your friend’s email id there, select it. You double click the “pw” field can see some random value.
- Now replace it with the encrypted password you got from your friend’s computer and paste it here.
- Download a gTalk password recovery software, there are lots of such tool available.
- Run the recovery program and it will successfully decrypt you friend’s password.
- That’s it. You are done.
Hope you make the most out of this within Google solves this vulnerability.
Hi,
Awesome one!! I really appreciate the precision and details that has been fed to this post.
Regards,
Sriram
Hey dude in vista there is no field called “pw” pls check on this
dude i am sorry for the previous comment actually in some user pw is there… what should we do for other which is not having
Nice one mate..
Its really amazing.. but I don’t use GTalk Rather I use from Gmail. Is there any alternate for it???
.-= Pavan Somu´s latest blog ..Computer Training (Beginner To Advanced) =-.
Nope , only the password from gtalk is stored in registry,. talking about gmail., the chances are little, especially when the cookies are deleted often , then no way we can retreive. But there is one trick i can tell you ,. Firefox has a plugin to log the keystrokes ,. so all keys entered are stored ., i suggest that will help a little.
Nice tip …Its also same for yahoo messenger ,but in that we have to open program files then yahoo then profile all IDs are stored there but not password..
Nice tip…..
Thats right shivraj, the profiles and the chats are stored in program files ., but i believe the password in somewhere encrypted in the registry., which i was not able to find. I’ll soon post a topic on it when i find it out.
.-= Ramkumar´s latest blog ..Get your site advertised on ByteChip for free =-.
This is interesting! Let me try this out.
But this would still require you to have access to your friend’s computer, right?
One more reason to stay away from using public computers at cyber cafe and all, I’d say…
.-= TechChunks´s latest blog ..LayerOnline – A Competitive Candidate in Web Hosting (Review) =-.
@TechChunks. Ya thats right
.-= Ramkumar´s latest blog ..Get your site advertised on ByteChip for free =-.
Thanks Blog4 Boys
This is really nice trick. Thanks for sharing
.-= Pavan Kumar´s latest blog ..Sneha to come as Pilot in the Indian Air Force =-.
Welcome Pavan
I wouldn’t call this a HACK! We are not finding out someone’s gtalk password remotely. In fact, we need physical access to the computer and without that we can’t do anything.
It could be a security flaw; but by no means a hack. If someone calls this a hack then better we call keyloggers as hacking methods
.-= TechChunks´s latest blog ..Got 1500 Facebook/Twitter Friends? Your Brain Can’t Even Handle 150 =-.
I have taken three of my friends password through this method dude, as long as they are frnds we wont have any problem accessing their comp.
I bet you did!
But if I were you I’d just ask them for their passwords and they would have given me (being my FRIENDS)! No need of any nifty tricks! LOLs
Jokes apart, I wonder how would you do this with a foe’s computer though!
.-= TechChunks´s latest blog ..Control Gecko With Your Fingertips: GTA Chinatown Wars on iPhones [Video Game Review] =-.
That case bro, you can make a program or a script that wil grab the registry value and send it to you by mail, you can do this with VB
I’m sure it is possible. But wouldn’t that make you a malware writer (because you will eventually need to transmit your script in some way to the other computer)?
.-= TechChunks´s latest blog ..What People Said About the iPod 9 Years Ago When it Launched =-.
Ha ha , ya dude, And ofcourse it will be an honour to be a malware writer,. I dont believe in Cyber ethics,