Hi again

Well, some times ago i wrote a little tool for me, but maybe it can be usefull for other people. I was searching a way to retrieve the passwords encrypted in my flashfxp sitemanager and I wrote this little app.
It very simple : it "emulates" a local ftp server (not really, only the few fonctions needed) on a given port and give you user & pass information as you connect to it.
So you can retrieve your saved passwords easily.

Well, click on the "Help" button, I think it very simple to understand.


Starsky32.

Nice tool. Was useful for me.

thx.

sorry about the previous post...my bad i shouldnt have jumped on it, i was too quick to thinking that it might have been a bad file.

Now actually did download the program and use it.

It is quite useful...nice alternative to dfxp

Thanks man for your work for making this.

I hope you arnt too mad at me anymore. I feel hell of bad lol.

Ok nvidia247, let me tell you something *stupid* lamer :

Think twice before saying my little tool is a spyware or something else that will steal your ftp adresses & pass.

I never posted a trojan or something like that -without- saying it. I'm not here to steal as I don't give a f*** of your ftp adress.

I'm not responsible if something like that exist but with trojan inside or something
that will report your passwords to someone else. THIS IS NOT THE CASE WITH MY TOOL. I MADE IT FOR MYSELF DUMBASS. And I'm not enough stupid to post a trojan here...


Well just monitor what my app is doing and you will understand it's totally safe, absolutely no information about you or your f****** ftp pass is send to nobody.

My app doesn't need to access the internet, in fact it doesn't access internet at all, it just simulate a local server on 127.0.0.1... Is your Firewall telling you my tool access the net ? and where is it sending pass & adresses ? to what ip ? *lamer* *lamer* *lamer*....

Well think what you want, download it or not, use it or not, i don't give a f*** about that - but I posted this because i thought it will be usefull for people, like the other things i posted before. Well what I have in return is just your stupid msg nvidia247... Well now I will keep my tools for me, if it's the better way to avoid stupid remarks like that...

Starsky

well put *nods*

why don't you post source too starsky if you made it yourself

open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source! open source!

Well maybe this is my very last post.

What is your problem guys ?? Please tell me the reason why I have to justify myself ?

So, here's the LAST precision about this tool, cause I'm very upset about reading bullshit or something like "open source open source open source" -> what does it mean ?

I never intend to give the source of *all* my tools, there's no problem if you want some tricks to achieve same result or something like that, but I give the source only when I want and that's all. I have no explanations to give to you, not at all, sorry for you.

I posted this little tool because other people can find it *convenient* and THAT'S ALL.
And now what ? I have in return only supiscion ?

And what I see at the url nvidia247 posted ? Description about a tool who has NOTHING TO DO with mine. Please nvidia247, learn to read : the app in the forum thread url you posted is about *testing* "usuables" sites in your flashfxp site manager.... What's the link with my pass retriever tool ??


Welllllll guys, if it's like that: I WON'T give you the source, if you're not able to monitor with your firerwall or something like that what my *little* tool is doing, well...
WHAT ARE YOU DOING HERE ?

And again, for the LAST time : I made it for me, if you are afraid or don't trust me, there's two solutions for you:

-> monitor the activity of the tool
OR
-> don't download it

Starsky32....
...for the last time i think.

Bye.

Starsky.. please dont be a woman about this. I can understand why members are a lil hesitant to automatically trust the app. There have been members taht have uploaded virii or trojans here. Suspicsion (sp?) is a good start to being security minded. If everyone trusted any app that any person uplaoded, there would be no safe computer.

With that said...
Starsky has been a good standing member as of yet, so dont insinuate things about his app unless u have checked it yourself.

geeze, you get upset way too easy man.. i would take "open source" as a compliment, meaning they LIKE the app and would be interested as to see how it works...

i don't have a comp to test this on, but good job, i'm sure it works fine...

Many Thanks To w00dy and tweakz20. You're both Right.

And everyone please accept my apologies... In fact this week wasn't really good for me, i had many problems and that's why I got upset way too easy like you said tweakz20... After all, even if we spent lot of time on computers, we all have our problems in the real life. And I must admit I was stupid to react like that. Sorry again. I just felt a bit disapointed as it's not my habits to upload trojans to steal people. But of course, I know people already posted things like that (without mentionned it was a trojan) and you're right w00dy when you're saying suspicsion (sp? sp! yes ..damn keyboard lol...) is a good start to being security minded.

So, sorry again for my attitude. I will consider too posting the source, maybe. But while waiting it's a good exercise to analyse what connections the tool is trying to establish (only local as i said)

Starsky32.

Tnx, you did a good job!
Always nice to see people sharing there tools!

Thanks for sharing, this is usefull to me.

fwiw, this tool was compiled with lcc and then packed with fsg. I disassembled it and it does exactly what it claims to do. I know this isn't an issue and has already been discussed, but just wanted to add another verfication to the mix.

I did something like this with SSH awhile back so I could recover people's secureCRT saved ssh logins and passwords... that was useful because you can't sniff those :)

i've got a simplier solution use defxp to decrypt it to plain text. it will pharse your entire sites.dat and make a txt file w/ clear pwds out of it .

hope this helps,
mike

mike, I think the point was that you could simulate an ftp server and get *other* people to connect to it. Via ARP poisoning, redirecting, etc.

Of course, if you can do that stuff, you might as well just sniff it.

And I know where he's coming from. Open sourcing software is not always the best idea. Sometimes I want to keep the source for myself in case I were to get a job offer in the security world and they asked what I could bring to the table.

If anything, don't copyleft it with the GNU, just use a BSD or similar license so you can decide later on what you would like to do with it. Some people still question whether or not you can use your own code that has been GNU'd in a piece of commercial software.

Sure, other people cannot put it in *their* commercial software, but can you put it in *your* commercial software? That question remains unanswered.