Scribd
Upload
1K views3 pages

QTP Hackers - How To Decrypt Encrypted Password

This document describes how to decrypt encrypted passwords recorded in QuickTest Professional (QTP) scripts. It explains that QTP encrypts passwords using the SetSecure method, but the encrypted value can be decrypted by applying SetSecure to a non-secured edit box, revealing the original plaintext password. Two additional methods for encrypting and decrypting text in QTP are also listed. The purpose is to demonstrate how to obtain plaintext passwords from QTP scripts found online in order to potentially hack into email accounts.

Uploaded by

api-19840982
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOC, PDF, TXT or read online on Scribd
1K views3 pages

QTP Hackers - How To Decrypt Encrypted Password

This document describes how to decrypt encrypted passwords recorded in QuickTest Professional (QTP) scripts. It explains that QTP encrypts passwords using the SetSecure method, but the encrypted value can be decrypted by applying SetSecure to a non-secured edit box, revealing the original plaintext password. Two additional methods for encrypting and decrypting text in QTP are also listed. The purpose is to demonstrate how to obtain plaintext passwords from QTP scripts found online in order to potentially hack into email accounts.

Uploaded by

api-19840982
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOC, PDF, TXT or read online on Scribd
You are on page 1/ 3

QTP Hackers - How to decrypt encrypted (SetSecure'd)

password

I will explain you how to decode an encoded password in QTP.


Using QuickTest Professional and this approach, you can hack email accounts
published on Internet. Are you interested? :) So, continue reading this QTP
tutorial for details.

I've just recorded a simple script, which signs into Gmail. It:

1. Fills 'Username' in
2. Fills 'Password' in
3. Clicks 'Sign in' button

And the recorded QTP script is:


Browser("Gmail").Page("Gmail").WebEdit("Email").Set
"someaccount"
Browser("Gmail").Page("Gmail").WebEdit("Passwd").SetSecure
"493844a99bee0e3ab952f2e867fd08e3"
Browser("Gmail").Page("Gmail").WebButton("Sign in").Click

As you can see, QTP script is simple enough.


I've set "someaccount" to 'Username' editbox. But what about 'Password'
editbox? What value have I filled in?

QTP encrypted the password using SetSecure method:


WebEdit("Passwd").SetSecure
"493844a99bee0e3ab952f2e867fd08e3"
QTP Help:
The SetSecure method is recorded when a password or other secure text is
entered.
The text is encrypted while recording and decrypted during the test run.

How to know the initial text?

There is one trick. Apply SetSecure method to non-secured edit box!


Instead of this QTP code:
Browser("Gmail").Page("Gmail").WebEdit("Email").Set
"someaccount"
Browser("Gmail").Page("Gmail").WebEdit("Passwd").SetSecure
"493844a99bee0e3ab952f2e867fd08e3"
I run this QTP script:
Browser("Gmail").Page("Gmail").WebEdit("Email").SetSecure
"493844a99bee0e3ab952f2e867fd08e3"
And the result of this QTP script is:

Yes, "mypwd" was encrypted to


"493844a99bee0e3ab952f2e867fd08e3". So, "mypwd" is the password
I filled!
So, this is an easy way to decrypt an encrypted password in QTP.

By the way, there are two ways how to decrypt a password in QuickTest
Professional:

1. Using Crypt.Encrypt

str = "Some Text"


encrStr = Crypt.Encrypt(str)

'encrStr' will contain an encrypted text.


2. Using Password Encoder from 'Start/Programs/QuickTest
Professional/Tools'

Summary:

• I explained two ways how to crypt a text in QTP


• I shown an approach how to decrypt an encrypted text

Well, I promised to show how to hack email addresses... I remember!

I searched several QTP sites and forums for "SetSecure" function and found
that some QTP engineers published their code snippets with encrypted
passwords (for example, entrance into email accounts) :)

Now you know how to "read" (=steal) passwords in plain text.

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy