TeamHelpdesk Customer Web Service (CWS) 8.3.5 Technician Web Access (TWA) 8.3.5 - Remote User Credential Dump

2014-05-05T00:00:00
ID EXPLOITPACK:99FB856CF4DFBC8124DAF6428AD5FCA7
Type exploitpack
Reporter bhamb
Modified 2014-05-05T00:00:00

Description

TeamHelpdesk Customer Web Service (CWS) 8.3.5 Technician Web Access (TWA) 8.3.5 - Remote User Credential Dump

                                        
                                            # Exploit Title: Team Helpdesk Customer Web Service (CWS) Remote User Credential Dump exploit
# Exploit Title: Team Helpdesk Technician Web Access (TWA) Remote User Credential Dump exploit
# Date: May 5, 2014
# Exploit Author: bhamb (ccb3b72@gmail.com)
# Vendor Homepage: http://www.assistmyteam.net/TeamHelpdesk/
# Software Link: http://www.assistmyteam.net/TeamHelpdesk/Download.asp
# Version: 8.3.5 (and probably prior)
# Tested on: Windows 2008 R2
# CVE : -

Recommendation:

Usage: ./user_cred_dump_cws.py https://Hostname.com

You will get a username:encrypted-password pairs.
To decrypt the encrypted passwords, please use my Password Decrypt script
(decrypt_cws.py) for Team Helpdesk CWS.




Usage: ./user_cred_dump_twa.py https://Hostname.com

You will get a username:encrypted-password pairs.
To decrypt the encrypted passwords, please use my Password Decrypt script
(decrypt_twa.py) for Team Helpdesk TWA.



Verifying exploits
https://www.youtube.com/watch?v=pJ1fGN3DIMU&feature=youtu.be



Exploit-DB Mirror: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/33195-Team_Helpdesk_Web.zip