vah13 / Extracttvpasswords

tool to extract passwords from TeamViewer memory using Frida


Extract password from TeamViewer memory using Frida (CVE-2018-14333)

  Hi there. In this article we want to describe our small research into password security in TeamViewer. The method can help during a pentest, in the post-exploitation phase, to get access to another machine using TeamViewer.

TeamViewer automatic authentication

  A few days ago I was working on my Windows cloud VPS with TeamViewer (where I had set a custom password). After work I disconnected, and the next time I wanted to connect, I saw that TeamViewer had auto-filled the password.

[image: tw_interface]

I thought: “Interesting, how can I get access to the password? How is the password stored on my computer?”

Password location

I dumped the memory of the TeamViewer process and grepped for the password.

[image: dump]

Ooo yeees, 😊 the password is stored in memory in Unicode format. It turns out that if you finish working with TeamViewer and don’t kill the process (or exit TeamViewer from the menu), the password will remain stored in memory.

[image: menu]

  After analyzing, we understood that the first red area is the start magic data and the second one is the end magic data (from time to time, the end magic data has the value 00 00 00 20 00 00).

Script for getting password

To extract passwords from memory we wrote two mini programs, one in Python and one in C++.

Thanks to the Frida team for a wonderful tool! Our Python script attaches to the TeamViewer.exe process and gets the base address and memory size of each library in the process. After that, it dumps the memory areas one by one, searches for parts with [00 88] bytes at the start and [00 00 00] bytes at the end, and copies them into an array. The next and last step is choosing and decoding the raw byte strings according to the regexp and password policy.

[image: python_work_example]
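The same condition can be checked from the defender's side as a regression test. The sketch below is an added example, not code from the extractTVpasswords repository: it searches a memory image of your own test process for a canary password you entered yourself, then shows that wiping the buffer on disconnect removes the residue. The function names and the sample buffer are constructed for illustration.

```python
# Added example (not from the extractTVpasswords repository).
# Regression check for "credential stays in memory after the session ends":
# search a memory image of YOUR OWN test process for a canary password that
# you typed in yourself, in the encodings a Windows GUI app is likely to use.

ENCODINGS = ("utf-8", "utf-16-le", "utf-16-be")


def find_residue(image: bytes, canary: str) -> list[tuple[int, str]]:
    """Return sorted (offset, encoding) pairs for every copy of canary."""
    hits = []
    for enc in ENCODINGS:
        needle = canary.encode(enc)
        pos = image.find(needle)
        while pos != -1:
            hits.append((pos, enc))
            pos = image.find(needle, pos + 1)
    return sorted(hits)


def zeroize(buf: bytearray, offset: int, length: int) -> None:
    """Overwrite a secret in place; what the application should do on disconnect."""
    buf[offset:offset + length] = bytes(length)


def build_constructed_image(canary: str) -> bytearray:
    """Constructed sample: filler, then the canary as UTF-16LE between the
    [00 88] and [00 00 00] byte runs the article describes."""
    return bytearray(b"\xcc" * 16 + b"\x00\x88"
                     + canary.encode("utf-16-le")
                     + b"\x00\x00\x00" + b"\xcc" * 16)


def demo() -> tuple[list, list]:
    canary = "asdQWE123"            # the test password shown in the article
    image = build_constructed_image(canary)
    before = find_residue(bytes(image), canary)
    for offset, enc in before:      # simulate the fix: wipe on session end
        zeroize(image, offset, len(canary.encode(enc)))
    after = find_residue(bytes(image), canary)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before wipe:", before)
    print("after wipe: ", after)
```

Run against a real dump of a test build, a non-empty result after disconnect means the credential outlived the session.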

After executing the C++ code, you will get this view, where “asdQWE123” is the password:

[image: cpp_poc]

For the future

  1. The programs extract remote IDs and passwords well, but they also return some false positives. If we have free time, we will try to reduce the false positive rate.
  2. Optimize C++ code from https://github.com/vah13/extractTVpasswords

examples

c++ example

[image: cppex]

python example

[image: pyex]

@NewFranny

@vah_13
