SWFScan download
SWFScan FAQ
A good description here so I don't have to plagiarize
Did a quick search for login.swf and found one (actually lots). Let's fire up SWFScan and see what we can see.
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjFE3qAIK6nmZouFuzcF2qzyRjGkWqvEjuTCQR0UI0t04sv-FbUOIJu2vJhVRyY35m8txNbodLX50kbiUuqK6wE3MHyD9yoOGdbH1KdidrSnlQP9WXPRW3LOv0FcuGSB3NcyhN9tNBISBA/s400/swfscan1-crop.png)
Open it and decompile the .swf. We see a hardcoded password.
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVts7KcDGEQSq3Zi2HPSwHICix0qTevl97QcZ2kpi49BXWih46i3ZR8YPLHhDqXhiVgO8eVriLsc06MfA_n6yx8PDYRC4DtwCFfVyWrLIrT8pU3kTiLNwu_FCOO2NjDOdGdsV2fb80kTQ/s400/swfscan2-crop.png)
Just to be sure that it actually does any checking, try a wrong password first:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfSckEw8wDuNm-ThFi88VcWQpIiN5xg66te9E3Gwm5Q2tRVxyv_rq2W-58Vr89Wpcqv84wrPpQVIU93_cIrud3O5ptBUvC8zIluF9doSW1AsFap0FR6bQoKu1cNKfLPIN67Mcs3Ex_0_w/s400/swfscan3-crop.png)
Ok, it's working. They're not letting just anyone in there!
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhsp70NLXZm1lnyOYGf4g_8RfGYWeN4YnJk-Ms0dDlWs0-0FagK8_m7zKYbSTjzxwSkNdl-BE34Bj1SozdsU1XrvizHskwHP_f4v09GVZxqDcV8w89QUpHBRPjFahr_BVyQ2eB0tjD0MBQ/s400/swfscan4-crop.png)
Because the code just jams the username and password boxes together before comparing them to one hardcoded string, we can throw the whole thing into the username box, or split it between the two fields however we like.
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgSGKDxnmsMSBHkCTuD1ExiFAEXkuBLpm1sIqJkkiE2XvoEQkWS-HWcqUQ0NBtHbngNHPb88ONh5qskWRM4fwGyzzs74gCmd9u58k-ATJs44q-FTzQ-wgpg8kxKWhuQyYMQGHjEo53StLY/s400/swfscan5-crop.png)
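The pattern SWFScan exposed, as an added example that is not code from the post or from the decompiled file: a client-side login that concatenates both fields and compares the result to a single hardcoded string, next to a check that compares the fields separately. The credential values are constructed placeholders, not the ones in the screenshots.

```javascript
// Added example reconstructing the login.swf pattern described in the post.
// HARDCODED_USER / HARDCODED_PASS are constructed placeholders.
const HARDCODED_USER = "demo_user";
const HARDCODED_PASS = "demo_pass";
const COMBINED_SECRET = HARDCODED_USER + HARDCODED_PASS;

// Flawed client-side check: the two boxes are jammed together, so only the
// concatenation is ever compared. Where the boundary between them falls is
// never verified.
function flawedLogin(username, password) {
  return username + password === COMBINED_SECRET;
}

// Every way of cutting the combined string between the two boxes is accepted,
// which is why the whole string in the username field works. Returns how many
// (username, password) pairs out of length+1 possible splits pass.
function countAcceptedSplits(combined) {
  let accepted = 0;
  for (let i = 0; i <= combined.length; i++) {
    if (flawedLogin(combined.slice(0, i), combined.slice(i))) accepted++;
  }
  return accepted;
}

// Fields compared independently: the split trick no longer works. This check
// still belongs on the server, since anything shipped inside a .swf can be
// decompiled exactly as the post shows; a client-side check is never
// authentication, only the appearance of it.
function separateFieldLogin(username, password) {
  return username === HARDCODED_USER && password === HARDCODED_PASS;
}

console.log(
  `flawed check accepts ${countAcceptedSplits(COMBINED_SECRET)} of ` +
  `${COMBINED_SECRET.length + 1} possible splits`
);
```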
weeeeeeeeeeeeee!
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEilOkseN8PVUPJZimpCkk0cYmrNIwjCwXqbFZIyj8fLJc0H2gOPCld08ksiLgajd3L7jLK0K2g-ySqiFqRpwmXCNUvt6cWrDD82dfqszBbN5nr0WrCwrpyg84A8ZfUimd88HZwZHJlXIdE/s400/swfscan6-crop.png)
Just to make sure it wasn't beginner's luck...
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjj5671gLyHe5JLyrHGETVsVyMICvx515ZmIrpyGdgkCCQzDypY85IVKDmZrByLEensbcjZ6zGvAdC1CFjSixBeMS1L1nzfGRs36imQ2V73bw7yJhs5pec0T-wY4NAvRZLhjbF9UjdHOfs/s400/swfscan7-crop.png)
Happy decompiling...
Additional info can be found in the PaulDotCom episode 172 show notes:
http://pauldotcom.com/wiki/index.php/Episode172
Link to the Black Hat DC 2009 talk (Jagdale, "Blinded by Flash"):
http://www.blackhat.com/presentations/bh-dc-09/Jagdale/BlackHat-DC-09-Jagdale-Blinded-by-Flash.pdf