iTunes Password Recovery (advice) Needed

Stoic Joker:
Okay, first off yes it's a client machine ... I haven't lost my mind. :)

Google search results all seem to point to one password recovery tool, but there are more than a few things about it that just don't feel right.

It says it's "portable", but comes (only) with a setup program.

It claims to have a command line version ... Which I'll be damned if I can find.

 - But seeing that the client's machine is already infected seven ways to Sunday... I figured what the hell and set it off anyhow -

The "Portable" setup claimed to be downloading something during the install. It claimed that it downloaded some-damn-thing.exe on port 53??? successfully. Even though the machine was running off-Wire, and in Safe Mode.

Now knowing the owner of said machine quite well, I do believe that the PW it claims to have recovered is legit ... But nonetheless, I find the app's behavior quite troubling.

So has anyone else seen/used/heard of this widget??

Renegade:
Never heard of it. :(

For the download, it might just be that it looks for an update, and has the messages wrong, e.g. update file 123.exe, no network, file 123.exe is still there, oh well... success!

The worrisome thing seems to be that passwords can be retrieved from browsers like that. :(

Carol Haynes:
Sounds suspicious to me - why not just get your friend to ask iTunes CS to send or reset the lost password? On the few occasions I have contacted them they have been pretty quick to respond and helpful (not that I have shopped at iTunes in the last couple of years).

40hz:
Scary site these guys have.

While it looks legit, it's just a little too perfect to my eyes. But I'm the cagey type when it comes to security. Especially crack tools.

That's one of the reasons why I prefer open source software when it comes to security tools. Backdoors and Trojans get spotted a lot more easily if they're lurking in those.

Opening a port may not in itself be cause for alarm. But with a black box app, opening a port without asking, or (at the very least) without advance notice and explanation is considerably more worrisome.

Did some quick research and haven't found much of anything about the website as far as commentary or reviews. Which is odd considering how big and fancy that website is. Freebie info sites usually start small. You'd think the usual tech blogs would have covered it.

Maybe it's brand new? Which, if so, would also be a little odd considering how extensive and polished it is for a non-sales site. Didn't spot a single typo either. It's all extremely professional.

I'd want to know a lot more verifiable info about securityexploded.com and the people behind it before I'd be comfortable using anything they offer for download. Until then, I'd be very cautious.

But that's me.   ;D


Stoic Joker:
Never heard of it. :(
-Renegade (October 04, 2011, 12:07 AM)
--- End quote ---

Me either, hence the question ;) ...But then again I maintain a vigilant iBan so it's hardly a shock I'd not run across it before. I had hoped you'd seen something of the nature before.


For the download, it might just be that it looks for an update, and has the messages wrong, e.g. update file 123.exe, no network, file 123.exe is still there, oh well... success!
-Renegade (October 04, 2011, 12:07 AM)
--- End quote ---

While it was tempting to give it quarter in that fashion, the timeout just didn't feel right. Way too short to be a web check, and way too long to be an adapter check. Socket timeouts tend to be a real bitch unless you take great pains to slam it shut ... Which is of course in itself a rather odd behavior. Not to mention that getting the messages backwards is a pretty rookie mistake, and there are not a lot of rookies writing hacking tools. :)


The worrisome thing seems to be that passwords can be retrieved from browsers like that. :(
-Renegade (October 04, 2011, 12:07 AM)
--- End quote ---

I've used many password recovery tools for all kind of things so its existence is hardly shocking. But it is part of why I use f0dder's fskrit and never store passwords anywhere in the system.



Sounds suspicious to me - why not just get your friend to ask iTunes CS to send or reset the lost password? On the few occasions I have contacted them they have been pretty quick to respond and helpful (not that I have shopped at iTunes in the last couple of years).
-Carol Haynes (October 04, 2011, 03:04 AM)
--- End quote ---

(Um...) *Shrug* Cracking tools are faster and more fun than sitting on hold waiting for tech support to rescue you from yourself.  :D

(But seriously...) I've had really good luck with this type of tool in the past ... This one's behavior just made me really uneasy about its true intentions.


I did finally get past the rootkit (bootrec /fixmbr) last night and have at least partial control of the shell but the box still has major issues. I just like to play with one of the Uber infested machines now and then to see how long it takes (/if it can be) to get it completely cleaned.
