Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Newbie question: Password retrieval using "ollydbg"
#1
Hi guys,

Here is my issue...

I purchased a monitoring software, installed the agent on the target PC, and the viewer on my PC.
I'm going to attempt to explain the way (I think) it works:

Background Info:
=======================
I install the viewer on my PC and activate it with a purchased (obtained) serial
I then generate an "agent installation" file and install it on the target PC
Once you install the agent on the target remote or LAN PC
You query your viewer (on my PC) for any PCs on LAN or WAN
It finds the target PC, click on it, and you're prompted for a password & port # to connect to that remote PC
You then have to go to the vendor's "password page" to retrieve the password and port #, which is needed to cnct to the target PC
You enter that info & Voila!

Everything worked fine until a few weeks a go when I realized that the vendors website is gone! they're out of biz...(I guess)

Luckily target PCs on which the agent is already installed still work fine, but I can no longer add new target PCs...Ok I stand corrected, "I CAN" but I cannot retrieve that specific agent password and port # from the vendor's "password page". Also if any of the already monitored PCs crash, I can re-install a new agent, but I would run into the same password and port retrieving problem!!!
=======================

I think the specific agent password is somewhere (stored/hidden) on target PC's hard drive. So I'm thinking of a two-prong strategy: short term & long term..

Short Term:
I'd like to be able to retrieve the pass and port #, since I have access to target PCs, as well as the actual agent installation file, since I generate it using the viewer, then I install it on the target PC.

Long Term:
Ideally, it would be nice if we can change the actual code on the agent installation file so that it passes a fix password and port number to the PC it is installed on.

I've done some reading and I've downloaded ollydbg and tutorials, but I have no idea where to start?, what to look for? and how?

To login to the agent software (monitoring tool), where I'm physically accessing the target PC I have to use Hot Keys. iow, there is no file that I can dbl-click on or drag onto odbg and open it. Once the gui opened up for me to input the password, I've tried dragging that (the gui) to Odbg, but to no avail. Note that when I open the agent software installation file with odbg and try to do a text search I get an odbg log that says installation failed to launch....

Please advise what specific info would be useful to you in order to help me out...I can try to do some basic "debugging" and send you specific log files per your request....

Any help is greatly appreciated!

Thank you in advance!

-Paul
Reply
Thanks given by: A-Man
#2
Any takers...pleaaaase?
Reply
Thanks given by:
#3
Wall of text.. my eyes are bleeding.

Anyway, it sounds like the the vendor actually set the password. So when you'd install the "agent" it'd go to the vendors server and get the password and port it would use. That is my guess anyway, I don't think it'd be easy to change. Can't you just use a different remote admin tool type thing?
[Image: doty7Xn.gif]

10 ʏᴇᴀʀs sɪɴᴄᴇ ɪʀᴄ ɢᴏᴏᴅ.ɪ ᴡᴀʟᴋ ᴛʜʀᴏᴜɢʜ ᴛʜᴇ ᴇᴍᴘᴛʏ sᴛʀᴇᴇᴛs ᴛʀʏɪɴɢ ᴛᴏ ᴛʜɪɴᴋ ᴏғ sᴏᴍᴇᴛʜɪɴɢ ᴇʟsᴇ ʙᴜᴛ ᴍʏ ᴘᴀᴛʜ ᴀʟᴡᴀʏs ʟᴇᴀᴅs ᴛᴏ ᴛʜᴇ ɪʀᴄ. ɪ sᴛᴀʀᴇ ᴀᴛ ᴛʜᴇ sᴄʀᴇᴇɴ ғᴏʀ ʜᴏᴜʀs ᴀɴᴅ ᴛʀʏ ᴛᴏ sᴜᴍᴍᴏɴ ᴛʜᴇ ɢᴏᴏᴅ ɪʀᴄ. ɪ ᴡᴀᴛᴄʜ ᴏᴛʜᴇʀ ɪʀᴄ ᴄʜᴀɴɴᴇʟs ʙᴜᴛ ɪᴛ ɪs ɴᴏ ɢᴏᴏᴅ. ɪ ᴘᴇsᴛᴇʀ ᴢᴏʀᴛ ᴀɴᴅ ᴛʀʏ ᴛᴏ ʀᴇsɪsᴛ ʜɪs sᴇxɪɴᴇss ʙᴜᴛ ɪᴛ ɪs ᴀʟʟ ᴍᴇᴀɴɪɴɢʟᴇss. ᴛʜᴇ ᴇɴᴅ ɪs ɴᴇᴀʀ.ɪ ᴛʜᴇɴ ᴜsᴜᴀʟʟʏ ʀᴇᴀᴅ sᴏᴍᴇ ᴏʟᴅ ɪʀᴄ ʟᴏɢs ᴀɴᴅ ᴄʀʏ ᴍʏsᴇʟғ ᴛᴏ sʟᴇᴇᴘ.


Reply
Thanks given by:




Users browsing this thread: 1 Guest(s)