secure

Competition: find the vulnerabilities

Posted (edited)

Site webcamnow.com

Challenge:

- find the email address of any existing user

- find the plaintext password of any existing user

In this case, find the email address and password of the user _admin_

Level: easy

You can also post your answers here.

Edited by secure
Guest Kovalski
Posted

------------------------------------------------------------------

- EXPL-A-2003-005 exploitlabs.com Advisory 005

------------------------------------------------------------------

-= Webcam Now =-

morning_wood

June 10, 2003

Vulnerability(s):

----------------

1. Cleartext Passwords in Windows registry

Product:

--------

Webcam Now Broadcaster

WebcamNow Free Video Chat

http://www.webcamnow.com/download.html

Reviews:

--------

Description of product:

-----------------------

"WebcamNow provides free Internet video broadcasting service (software and hosting) for personal use. Live video can be broadcast from virtually any PC camera or video capture device by simply creating an ID and start the WebcamNow Video Broadcaster. Additionally, the video is accompanied by real-time communication through text and voice chat. Live webcam broadcasts can be viewed through any current browser that supports Java by going to the Videochat start page or the WebcamNow home page"

VULNERABILITY

=============

Local:

------

View user / password in these registry keys:

HKEY_LOCAL_MACHINE\SOFTWARE\WebCamNow\Users\Name

HKEY_LOCAL_MACHINE\SOFTWARE\WebCamNow\Users\Password

there is no excuse for a plaintext password in the windows registry file period.

Any computer with multiple users is vulnerable to password discovery and disclosure. hint - hash yer pass

Remote:

-------

none

( unless remote registry is enabled or an intranet / lan topology [or previous remote compromise] )

Vendor Fix:

-----------

No fix on 0day

Vendor Contact:

---------------

[email PROTECTED] - Concurrent with this advisory

Credits:

--------

Donnie Werner

Exploitlabs "were finding your holes"

does this count? :)
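
An added example, not part of the thread or the advisory: a small Python audit that scans the text of a `reg export` dump for credential-named values stored as readable strings, the condition the advisory reports. The sample export is constructed, and treating `Name` and `Password` as values under the `Users` key is an assumption.

```python
import re

# Constructed sample in `reg export` text format (not real data). Treating
# Name/Password as values under the Users key is an assumption.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\WebCamNow\Users]
"Name"="example_user"
"Password"="example-cleartext"

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleApp\Settings]
"PasswordBlob"=hex:01,00,00,00,d0,8c,9d,df

[HKEY_CURRENT_USER\Software\ExampleApp]
"Password"=""
'''

CRED_NAME = re.compile(r"pass(word|wd)?|pwd|secret", re.I)
KEY_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_LINE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"=(?P<data>.*)$')

def audit_reg_export(text):
    """Return findings for credential-named values stored as readable strings."""
    findings, key = [], None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_LINE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_LINE.match(line)
        if not (m and key and CRED_NAME.search(m.group("name"))):
            continue
        data = m.group("data")
        # REG_SZ data is a quoted string; hex:/dword: data is not readable text.
        if not (data.startswith('"') and data.endswith('"') and len(data) > 2):
            continue
        findings.append({
            "key": key,
            "value": m.group("name"),
            # HKLM\SOFTWARE is readable by every local account by default.
            "machine_wide": key.upper().startswith("HKEY_LOCAL_MACHINE\\"),
            "length": len(data) - 2,  # report the length only, never the secret
        })
    return findings

if __name__ == "__main__":
    for finding in audit_reg_export(SAMPLE_REG):
        print(finding)
```

Real `reg export` files are UTF-16LE, so decode them before passing the text in.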

Posted

it's old and posted on every site, of course it counts :))

Posted

DreptulLaReplica gets 5 shells and noValue gets 5 shells, because each of them was the first to find one of the "vulnerabilities". I'll PM you the shells tonight.

Posted

No thanks, I'm donating them to noValue, he deserves them, and I wouldn't have anything to do with them anyway.

Guest Kovalski
Posted (edited)

:) and I was off looking for airplanes in the crap

/admin/user_list

/index.old

/index.bak

/users/backup

/backup/

and other nonsense.. swf never crossed my mind and never would have..

my congratulations, Value.

Edited by ps-axl
