RE: Revealing Username & Password Quark 6.0

From: Tony Mihaljevic (Tony.Mihaljevic@tns.com.au)
Date: Tue May 08 2007 - 05:38:51 EDT

• Next message: Dotzero: "Re: Opinions of automated testers"
• Previous message: Adrian Chiang: "Metasploit"
• In reply to: Edgar Romero: "RE: Revealing Username & Password Quark 6.0"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Why not just reverse engineer the application to let you in, then change
the password.

IDA is your friend.

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Edgar Romero
Sent: Sunday, 6 May 2007 8:55 AM
To: s-williams@nyc.rr.com; listbounce@securityfocus.com;
pen-test@securityfocus.com
Subject: RE: Revealing Username & Password Quark 6.0

Just ask him, no matter how bad the situation was I am sure he will give
it to you. Swollow your pride, let him have one last laugh. Find someone
he associated with frequently and have them ask him. Social engineer
him, get what you need, then secure your systems. Make sure you change
pw on system and bot accounts as well.

-----Original Message-----
From: s-williams@nyc.rr.com
Date: 5/5/07 2:48 pm
To: listbounce@securityfocus.com, pen-test@securityfocus.com
Subj: Revealing Username & Password Quark 6.0

Hello list,

We just changed system admins at my job and no one knows the username
and password for our Quark Xpress licsening system program. This
program manages all the users who has rights to use the application, and
if we have a new student we need to log in and create an account for the
student, so the can be able to use the app.

Has anyone audited this application before?
"A wise man ask questions, a fool is afraid of knowledge"

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------

• Next message: Dotzero: "Re: Opinions of automated testers"
• Previous message: Adrian Chiang: "Metasploit"
• In reply to: Edgar Romero: "RE: Revealing Username & Password Quark 6.0"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:46 EDT