-
Notifications
You must be signed in to change notification settings - Fork 3
Expand file tree
/
Copy pathREADME
More file actions
36 lines (23 loc) · 998 Bytes
/
README
File metadata and controls
36 lines (23 loc) · 998 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
WebEx One-Click Registry Key Decryptor
brad.antoniewicz@foundstone.com
-------------------------------------------------
The WebEx One-Click client stores user passwords
encrypted within the registry however the encryption
is really not all that amazing.
It takes the values of these registry keys:
HKEY_CURRENT_USER\Software\WebEx\ProdTools\UserName
HKEY_CURRENT_USER\Software\WebEx\ProdTools\SiteName
Combines and repeats them out to 32 bytes. For instance
UserName key = braanton
SiteName key = siteaa.webex.com/siteaa
So the encryption key would be:
braantonsiteaa.webex.com/siteaab
Next it takes uses the following IV to make things "secure":
123456789abcdef03456789abcdef012
webex-onedecrypt.c is a PoC to decrypt the values stored in the
registry. Just manually set the regVal, regLength and key variables.
To compile:
gcc -o webex-onedecrypt -lssl webex-onedecrypt.c
then make a metasploit harvester module..
Enjoy!
Tracked by PSIRT-0219916903