TeamHelpdesk Customer Web Service (CWS) 8.3.5 & Technician Web Access (TWA) 8.3.5 – Remote User Credential Dump

• Exploit Database
• 9 阅读

• 作者： bhamb
  日期： 2014-05-05
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/33195/

• # Exploit Title: Team Helpdesk Customer Web Service (CWS) Remote User Credential Dump exploit
  # Exploit Title: Team Helpdesk Technician Web Access (TWA) Remote User Credential Dump exploit
  # Date: May 5, 2014
  # Exploit Author: bhamb (ccb3b72@gmail.com)
  # Vendor Homepage: http://www.assistmyteam.net/TeamHelpdesk/
  # Software Link: http://www.assistmyteam.net/TeamHelpdesk/Download.asp
  # Version: 8.3.5 (and probably prior)
  # Tested on: Windows 2008 R2
  # CVE : -
  
  Recommendation:
  
  Usage: ./user_cred_dump_cws.py https://Hostname.com
  
  You will get a username:encrypted-password pairs.
  To decrypt the encrypted passwords, please use my Password Decrypt script
  (decrypt_cws.py) for Team Helpdesk CWS.
  
  
  
  
  Usage: ./user_cred_dump_twa.py https://Hostname.com
  
  You will get a username:encrypted-password pairs.
  To decrypt the encrypted passwords, please use my Password Decrypt script
  (decrypt_twa.py) for Team Helpdesk TWA.
  
  
  
  Verifying exploits
  https://www.youtube.com/watch?v=pJ1fGN3DIMU&feature=youtu.be
  
  
  
  Exploit-DB Mirror: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/33195-Team_Helpdesk_Web.zip