QTP Hackers – How to decrypt encrypted (SetSecure’d) password
Using QuickTest Professional and this approach, you can hack email accounts published on Internet. Are you interested? 🙂 So, continue reading this QTP tutorial for details.
I’ve just recorded a simple script, which signs into Gmail. It:
- Fills ‘Username’ in
- Fills ‘Password’ in
- Clicks ‘Sign in’ button
As you can see, QTP script is simple enough.
I’ve set “someaccount” to ‘Username’ editbox. But what about ‘Password’ editbox? What value have I filled in?
QTP encrypted the password using SetSecure method:
QTP Help:
The SetSecure method is recorded when a password or other secure text is entered.
The text is encrypted while recording and decrypted during the test run.
There is one trick. Apply SetSecure method to non-secured edit box!
Instead of this QTP code:
I run this QTP script:
And the result of this QTP script is:
So, this is an easy way to decrypt an encrypted password in QTP.
By the way, there are two ways how to decrypt a password in QuickTest Professional:
- Using Crypt.Encrypt
str = “Some Text”
encrStr = Crypt.Encrypt(str)‘encrStr’ will contain an encrypted text.
- Using Password Encoder from ‘Start/Programs/QuickTest Professional/Tools’
- I explained two ways how to crypt a text in QTP
- I shown an approach how to decrypt an encrypted text
Well, I promised to show how to hack email addresses… I remember!
I searched several QTP sites and forums for “SetSecure” function and found that some QTP engineers published their code snippets with encrypted passwords (for example, entrance into email accounts) 🙂
Now you know how to “read” (=steal) passwords in plain text.
Why do I tell that?
Just to remind – be careful when you publish such private info on Internet.