How to Recover Saved Email Passwords in IPSwitch iMail

This research article explains how IPSwitch iMail, one of the popular email clients, stores its saved passwords and how they can be recovered.

IPSwitch iMail Password Secrets

IPSwitch iMail saves all your email login passwords in the Registry at the following location:

HKEY_LOCAL_MACHINE\Software\Ipswitch\Imail\Domains\[domain_name]\Users

This key contains the registry values MailAddr, FullName and Password, which hold the email server, username and password of the saved account. The mail password is stored in a proprietary encoding format.

How to Decrypt IPSwitch iMail Passwords

Here is a sample Ruby program to decrypt email passwords from IPSwitch iMail programmatically.

(Source: Metasploit Module)

def decode_password(username='', enc_password='')
  # No point trying to decode if there's no username or password
  return "" if username.empty? or enc_password.empty?

  counter = 0
  password = ''

  # Start decoding, what's up gold $$
  # Each pair of hex digits in enc_password is one encoded byte.
  0.step(enc_password.length-1, 2) do |i|
    # High nibble: ASCII hex digit ('0'-'9', 'A'-'F') to its value
    byte_1 = enc_password[i,1].unpack("C")[0]
    byte_1 = (byte_1 <= 57) ? byte_1 - 48 : byte_1 - 55
    byte_1 *= 16

    # Low nibble
    byte_2 = enc_password[i+1,1].unpack("C")[0]
    byte_2 = (byte_2 <= 57) ? byte_2 - 48 : byte_2 - 55

    char = byte_1 + byte_2

    # The username is the key; wrap around when it is shorter than the password
    counter = 0 if username.length <= counter

    username_byte = username[counter, 1].unpack("C")[0]
    if username_byte > 54 and username_byte < 90
      username_byte += 32
    end

    # Subtract the key byte to get the plaintext character
    char -= username_byte
    counter += 1
    password << char.chr
  end

  # vprint_status is provided by the Metasploit framework (verbose output)
  vprint_status("Password '#{enc_password}' = #{password}")

  return password
end
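
The decoder above implies the encoding: each password byte has the matching username byte added to it, and the sum is written as two uppercase hex digits. The following added example (not part of the Metasploit module or of iMail; `key_byte`, `encode_password` and the sample account are assumptions derived by inverting the decoder on this page) round-trips a constructed password to show that the stored value is password-equivalent for anyone who can read the registry key, since the only "key" is the username stored beside it.

```ruby
# Added example: inverse of the page's decode_password, derived from that
# routine only (an assumption, not taken from iMail itself).

# Per-position key byte: the username byte at that position (wrapping around),
# shifted by 32 when it falls in 55..89, exactly as the page's decoder does.
def key_byte(username, index)
  b = username.getbyte(index % username.length)
  b += 32 if b > 54 && b < 90
  b
end

# Hypothetical helper: add the key byte to each password byte and write the
# sum as two uppercase hex digits.
def encode_password(username, password)
  password.bytes.each_with_index.map { |pw_byte, i|
    format('%02X', pw_byte + key_byte(username, i))
  }.join
end

# Same algorithm as the page's decoder, without the Metasploit logging call.
def decode_password(username, enc_password)
  return '' if username.empty? || enc_password.empty?
  enc_password.scan(/../).each_with_index.map { |hex, i|
    (hex.to_i(16) - key_byte(username, i)).chr
  }.join
end

# Constructed sample account, not real data.
SAMPLE_USER = 'alice'
SAMPLE_PASS = 'S3cret!pw'

# True when decoding the encoded sample returns the original password.
def roundtrip_ok?
  encoded = encode_password(SAMPLE_USER, SAMPLE_PASS)
  decode_password(SAMPLE_USER, encoded) == SAMPLE_PASS
end

if __FILE__ == $0
  encoded = encode_password(SAMPLE_USER, SAMPLE_PASS)
  puts "stored value : #{encoded}"
  puts "round trip ok: #{roundtrip_ok?}"
  # No salt and a case-folded username key: the output is fully determined
  # by data stored next to it in the same registry key.
  puts "case-insensitive key: #{encode_password('ALICE', SAMPLE_PASS) == encoded}"
end
```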

 

Hope this article has helped you to understand the password secrets of IPSwitch iMail. Please comment below on what you think or if you have any queries.