Inspired by Rafal Los' talk at AppSec DC I started taking a look at SWFScan.
SWFScan download
SWFScan FAQ
A good description here so I don't have to plagiarize
Did a quick search for login.swf and found one (actually lots). Let's fire up SWFScan and see what we can see.

Open it and decompile the .swf. We see a hardcoded password.

Just to be sure that it actually does any checking...

OK, it's working. They're not letting just anyone in there!

Because the code just jams the username and password box together, we can just throw the whole thing in the username block or mix it up however we want.

weeeeeeeeeeeeee!

Just to make sure it wasn't beginner's luck...

Happy decompiling...
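
The concatenation check described above, next to a server-side check that keeps the fields separate, as an added example (not code from the decompiled .swf or from SWFScan). The constant, the user name and all function names are constructed placeholders.

```javascript
// Added example: models the decompiled check and a server-side replacement.
const nodeCrypto = require('node:crypto');

// Constructed placeholder standing in for the constant visible in the decompiled .swf.
const EMBEDDED_SECRET = 'adminEXAMPLE-ONLY';

// Flawed pattern: runs in the client and joins both fields before comparing,
// so the boundary between username and password is lost.
function clientSideCheck(username, password) {
  return username + password === EMBEDDED_SECRET;
}

// Server-side store: per-user random salt and scrypt hash, no plaintext kept.
function makeUserStore(users) {
  const store = new Map();
  for (const [name, password] of Object.entries(users)) {
    const salt = nodeCrypto.randomBytes(16);
    store.set(name, { salt, hash: nodeCrypto.scryptSync(password, salt, 32) });
  }
  return store;
}

// Hardened check: fields stay separate, the comparison is constant time,
// and an unknown user costs the same hashing work as a known one.
const DUMMY = { salt: Buffer.alloc(16), hash: Buffer.alloc(32) };
function serverSideCheck(store, username, password) {
  if (typeof username !== 'string' || typeof password !== 'string') return false;
  const record = store.get(username) || DUMMY;
  const candidate = nodeCrypto.scryptSync(password, record.salt, 32);
  const match = nodeCrypto.timingSafeEqual(candidate, record.hash);
  return match && store.has(username);
}

// Returns how each check treats the same value split across the two fields.
function compareChecks() {
  const store = makeUserStore({ admin: 'EXAMPLE-ONLY' });
  const splits = [['admin', 'EXAMPLE-ONLY'], ['adminEXAMPLE-ONLY', ''], ['adminEX', 'AMPLE-ONLY']];
  return splits.map(([username, password]) => ({
    username,
    password,
    client: clientSideCheck(username, password),
    server: serverSideCheck(store, username, password),
  }));
}

console.log(compareChecks());
```

The client-side function accepts every split of the constant, while the server-side function accepts only the exact username and password pair and ships no secret to the browser.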
Additional Info can be found on the pdc #172 show notes:
http://pauldotcom.com/wiki/index.php/Episode172
Link to Blackhat talk
http://www.blackhat.com/presentations/bh-dc-09/Jagdale/BlackHat-DC-09-Jagdale-Blinded-by-Flash.pdf




