AIM Password Grabbing
When a user signs into AOL Instant Messenger and stores their password by enabling the 'Save password' option, their password is stored within the computer's registry - however, the password itself within the password entry field on AIM is replaced with the whole 'Saved' message.
The password can be recovered, or stolen, even though security measures are taken to counter any attempt at unmasking/copying the * entry or stealing the password. To do this, you will either need to 'steal' certain parts of a computer's registry remotely, or be physically at the computer.
To Steal A Password.....
1) Run the Registry Editor by searching for 'regedit' from Start>Run...
2) Look into the following directory path: HKEY_CURRENT_USER>Software>America Online>AOL Instant Messenger>Current Version>Users.
3) Find the user you are looking for with the stored password. In the following steps, I'll use 'destroyka' as an example.
4) Drop down the directory named 'destroyka', then click the subdirectory titled 'Login'.
5) The entry named 'Password1' is your ticket to the user's password...heh, surprise surprise eh? Even though the password is encrypted, you can copy the entire entry. A password entry looks something like this: Z0hFdshg4QE+NFSh999ysgsd3g354gSDGfF06wVKsVY=. To copy the value data, right-click the value name 'Password1', then click Modify. Select the entire value data entry, and simply copy it...or go on and be ghetto and write it down, your choice.
To Use A Stolen Password.....
1) Add a new user to a different PC by the AIM sign in menu, making sure you enter the user name in correctly (by the way, it's not case-sensitive). The password does not have to be correct, just enter something like NORTENO4LIFE. BE SURE TO SAVE THE PASSWORD!!!
2) Run the Registry Editor by searching for 'regedit' from Start>Run...
3) Look into the following directory path: HKEY_CURRENT_USER>Software>America Online>AOL Instant Messenger>Current Version>Users.
4) Find the user you just added. Like I said in the previous steps, the name was 'destroyka'.
5) Drop down the directory named 'destroyka', then click the subdirectory titled 'Login'.
6) To replace the incorrect password with the actual password of destroyka, right-click the value name 'Password1', then click Modify. Erase the entire entry, then paste or key in the stolen coded password (again, the example password was Z0hFdshg4QE+NFSh999ysgsd3g354gSDGfF06wVKsVY=).
7) Completely exit out of AIM if you haven't yet, then load AIM again. Now log into the account destroyka and voila!
***Remember, if you log into someone else's AIM account while they are logged in, both you and the other person(s) will receive a message saying that they are now logged into multiple locations. This is enough to raise an eyebrow or two...
This process not only works for stored AIM passwords, but pretty much any password that is saved on a PC, such as Outlook, Yahoo! Instant Messenger (as far as I know...I'm not a big fan of yim). To do this remotely, you'd have to use a trojan program like S7..I'm not saying that if you actually get a working copy of the program you'll surely 100% recover the victim's regs.
IF ANYONE KNOWS HOW THE AIM PASSWORDS ARE CODED, PLEASE LET ME KNOW! I know it's not MD, it's too complicated for that basic two plus two algorithm lol. If I can find out how it's coded, I'll update you all and write a walkthrough on decrypting the password so you don't have to registry edit in the long coded pass.
PS: Don't post replies telling me that you can't log in destroyka with the password I posted. It was an example. Besides, my AIM is theaurasoulja.
-destroyka
Last edited by destroyka; 02-16-2008 at 04:52 PM..
Reason: correcting a mistake
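
The steps in the post work because the saved 'Password1' value is accepted on whatever machine it is pasted into, so anyone who can read the user's registry hive holds a working credential. An audit for the current user, as an added example that is not part of the original post: it assumes the key path exactly as the post gives it, and the `-Remove` switch and the function name are hypothetical names chosen here.

```powershell
# Added example (not from the post): find AIM screen names that have a saved
# password in the current user's hive, and optionally clear the saved value.
# Assumption: the key path is exactly the one the post gives.
param(
    [switch]$Remove   # hypothetical switch: delete each Password1 value found
)

$usersKey = 'HKCU:\Software\America Online\AOL Instant Messenger\Current Version\Users'

function Get-SavedAimLogin {   # hypothetical helper name
    param([string]$Root)

    if (-not (Test-Path -LiteralPath $Root)) { return }   # no AIM profiles for this user

    foreach ($userKey in Get-ChildItem -LiteralPath $Root) {
        $loginKey = "$($userKey.PSPath)\Login"
        if (-not (Test-Path -LiteralPath $loginKey)) { continue }

        $saved = (Get-ItemProperty -LiteralPath $loginKey -Name 'Password1' -ErrorAction SilentlyContinue).Password1
        if ([string]::IsNullOrEmpty($saved)) { continue }

        # Report that a replayable value exists, never the value itself.
        [pscustomobject]@{
            ScreenName = $userKey.PSChildName
            LoginKey   = $loginKey
            Length     = $saved.Length
        }
    }
}

$found = @(Get-SavedAimLogin -Root $usersKey)
if ($found.Count -eq 0) {
    Write-Output 'No saved AIM passwords found for this user.'
    return
}

$found | Select-Object ScreenName, Length | Format-Table -AutoSize

if ($Remove) {
    foreach ($entry in $found) {
        # The user will have to type the password at the next sign-in.
        Remove-ItemProperty -LiteralPath $entry.LoginKey -Name 'Password1'
        Write-Output "Cleared saved password for $($entry.ScreenName)"
    }
}
```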