# Exploit Title: Team Helpdesk Customer Web Service (CWS) Remote User Credential Dump exploit# Exploit Title: Team Helpdesk Technician Web Access (TWA) Remote User Credential Dump exploit# Date: May 5, 2014# Exploit Author: bhamb (ccb3b72@gmail.com)# Vendor Homepage: http://www.assistmyteam.net/TeamHelpdesk/# Software Link: http://www.assistmyteam.net/TeamHelpdesk/Download.asp# Version: 8.3.5 (and probably prior)# Tested on: Windows 2008 R2# CVE : -
Recommendation:
Usage:./user_cred_dump_cws.py https://Hostname.com
You will get a username:encrypted-password pairs.
To decrypt the encrypted passwords, please use my Password Decrypt script
(decrypt_cws.py)for Team Helpdesk CWS.
Usage:./user_cred_dump_twa.py https://Hostname.com
You will get a username:encrypted-password pairs.
To decrypt the encrypted passwords, please use my Password Decrypt script
(decrypt_twa.py)for Team Helpdesk TWA.
Verifying exploits
https://www.youtube.com/watch?v=pJ1fGN3DIMU&feature=youtu.be
Exploit-DB Mirror: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/33195-Team_Helpdesk_Web.zip
