C # Programming Let Outlook obediently surrender account password

Many people are used to having Outlook remember the password, and you don't have to enter your email password every time you receive it. But for a long time, sloppy people will forget their e-mail password, so that you can not reset or login to the Web interface to receive mail. Outlook will never tell you what the password is for your mailbox, and even if you find the key value for the Outlook storage account and password information in the registry, you cannot extract the password because the password information is stored in encrypted form. Our response is to take action on the weakest link in the security mechanism in the mailbox service ... As we all know, the POP3 protocol is essentially a clear-text protocol, that is, although the password that is stored locally by Outlook is encrypted, the password must be provided in clear text when it connects to the POP3 server to prepare for receiving mail. So, as long as we develop a POP3 server (not necessarily a fully functional POP3 server, just cheat Outlook) and let Outlook receive mail from that server, Outlook will obediently hand over the encrypted password. In fact, this approach applies not only to Outlook, but also to all mail clients that use POP3, such as Outlook Express, Foxmail, and so on. First, construct POP3 server
Below we will use Vs.net 2003 and C # to develop a "pseudo" POP3 server-the reason that it is "pseudo", that is because it has only extremely limited functionality, only to cheat the mailbox password to stop. Start Vs.net 2003, create a new C # project, the project's template Select "Console Application", name the project PServer, click "OK" to build the project, as shown in 1:

Figure 1 Creating a new C # project

Vs. NET automatically creates PServer namespaces, CLASS1 classes, and main function skeletons. Add the following three statements after the top of the Class1.cs file using the system statement:

Using System.Net;
Using System.Net.Sockets;
Using System.Text;

The next task is to modify the main function so that it listens for requests from Outlook as a POP3 server, and when Outlook tries to connect to this PServer server, according to the requirements of the POP3 protocol, We confirm the account name provided by the Outlook user and ask for a password, and after Outlook provides the password, we output the password on the console so that the task is completed!

In the main function, our first task is to start a POP3 server. To do this, we will create a ipendpoint with the class defined by the System.Net.Sockets namespace, let a TCP server listen to the endpoint and receive requests from the client:

Create a TCP server on the 127.0.0.1 (local machine) and listen
110-Port Request (110 is the default port for the POP3 server)
IPEndPoint IPEndPoint = new IPEndPoint (Ipaddress.parse ("127.0.0.1"), 110);
TcpListener tcpserver = new TcpListener (IPEndPoint);
Tcpserver.start ();
Waiting for connection requests from POP3 client programs such as Outlook
TcpClient TcpClient = Tcpserver.accepttcpclient ();

When a POP3 client connects to the server, the server must respond to the client program as required by the POP3 protocol. Based on the definition of the RFC 1939 specification of the POP3 protocol, the first thing a server needs to do is return a welcome message:

Returning welcome information to the client program
NetworkStream ns = Tcpclient.getstream ();
byte[] Outbytes = Encoding.ASCII.GetBytes ("+ok Welcome" + Environment.NewLine);
Ns. Write (outbytes,0,outbytes. Length);

Once the customer receives the welcome message, the account name is also sent as requested by the POP3 protocol. We record this account name for later use, the code is as follows:

Receive and record mailbox account names
byte[] userbytes = new byte[255];
Ns. Read (userbytes,0,userbytes.length);

After receiving the account name information, we want to tell Outlook that there is no problem with the name, the client program will send the password as soon as the message is received, and then we can record the password. The implementation code is:

Tell the client program that the account name is correct
Outbytes = Encoding.ASCII.GetBytes ("+ok" + Environment.NewLine);
Ns. Write (outbytes,0,outbytes. Length);
Receive and record account passwords
byte[] pwdbytes = new byte[255];
Ns. Read (pwdbytes,0,pwdbytes.length);

The next thing to do is get the contents of the byte array, convert them into strings, and then output them to the console:

Display the account name, password on the console
Console.WriteLine ("Account name:" + Encoding.ASCII.GetString (userbytes));
Console.WriteLine ("Account password:" + Encoding.ASCII.GetString (pwdbytes));

Now that the password has been obtained, the task for the server has been completed and you can turn it off. Forcing the server to shut down causes the client program to display an error message, but we don't care. The code to shut down the server is:

Shutting down the server
Ns. Close ();
Tcpclient.close ();
Tcpserver.stop ();

Put all the code above into the main function, and compile it to get a PServer.exe execution file, it is our pseudo-POP3 server. The PServer.exe volume is small and the release version is only a few kilobytes.

Second, get the password

Start PServer.exe first, and let our pseudo-POP3 server start listening for requests from the client program.

Start Outlook, click menu "tools → email account", select "View or change existing e-mail account", locate the email account to recover the password, click "Change" to open its Properties dialog box, 2, set the POP3 server to localhost:

Figure 2 Changing Outlook e-mail accounts

When you receive a message in Outlook, 3 shows that Outlook reports that the server is disconnected and does not need to be ignored.

Figure 3 Outlook has sent the password to the pseudo-POP3 server

Now PServer.exe has got the password for the account, as shown in 4, the password for the ABC account was originally ABCDEFG:

Figure 4 The user name and password returned by the pseudo-POP3 server

Third, the use of sniffer tools

Based on the fact that the POP3 password is passed in clear text on the network, we can also use the Sniffer tool to analyze TCP/IP communication process to obtain the account password. If you do not have a vs.net development tool, you can use this method to obtain the password. Even if you have vs.net, you can use the sniffer tool to understand the details of POP3 communication and deepen your understanding of POP3 communication, which is beneficial for us to use the POP3 protocol in a programmatic way.

There are many sniffer tools that can analyze TCP/IP communication, ethereal is a well-known free cross-platform analysis tool. Let's take it as an example to see the POP3 communication steps and the process of intercepting the POP3 password.

Download the WinPcap driver and the Ethereal software package from http://www.ethereal.com/distribution/win32/(the two sizes are approximately KB and 8.1 MB respectively), install WinPcap, Install the ethereal again.

Start ethereal, select Menu Capture→start, in the Figure 5 interface, interface bar Select the Internet Communication Network card, click OK.

Figure 5 Ethereal

Start Outlook, collect the message with the Forgotten password account (do not change the account's POP3 server to localhost), and then click the Stop button in ethereal. Figure 6 shows the results of a single experiment:

Figure 6 Sniff results

Ethereal's sniffing results show the process of Outlook communicating with the server in detail. As we described earlier, from No 6 (figure seven the leftmost column number) recording started, the client program and the server established a POP3 communication contact: No 6 server answer said OK, indicating that the server is running normally, can provide services, No 7 client program send a request user LTT, That is to tell the server mailbox account name Ltt,no 8 is the TCP communication data, we do not care, No 9 record server answer said "+ok" (account name no problem), and asked to provide LTT account password, No 10 record client program sent message "PASS llll", Which LLLL is to look for the password, No 11 record server replied that Ok,no 12 record client send request STAT,STAT command request server in canonical format return the number of messages, Occupy space, No 13 records server replied that the number of messages 0, occupy space 0, and finally, No 14 Record client program send quit end session request, No 15 Record server End session-This is a complete POP3 communication process.

If you encounter a lost password, you can grasp everything by yourself.

The source program can be downloaded here.

C # Programming Let Outlook obediently surrender account password