Team Helpdesk Technician Web Access (TWA) Remote User Credential Dump

2014.05.06

Credit: bhamb

Risk: High

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

# Exploit Title: Team Helpdesk Technician Web Access (TWA) Remote User Credential Dump exploit
# Date: May 5, 2014
# Exploit Author: bhamb (ccb3b72@gmail.com)
# Vendor Homepage: http://www.assistmyteam.net/TeamHelpdesk/
# Software Link: http://www.assistmyteam.net/TeamHelpdesk/Download.asp
# Version: 8.3.5 (and probably prior)
# Tested on: Windows 2008 R2
# CVE : -
Recommendation:
Usage: ./user_cred_dump_cws.py https://Hostname.com
You will get a username:encrypted-password pairs.
To decrypt the encrypted passwords, please use my Password Decrypt script
(decrypt_cws.py) for Team Helpdesk CWS.
Usage: ./user_cred_dump_twa.py https://Hostname.com
You will get a username:encrypted-password pairs.
To decrypt the encrypted passwords, please use my Password Decrypt script
(decrypt_twa.py) for Team Helpdesk TWA.
Verifying exploits
https://www.youtube.com/watch?v=pJ1fGN3DIMU&feature=youtu.be

References:

https://www.youtube.com/watch?v=pJ1fGN3DIMU&feature=youtu.be

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Team Helpdesk Technician Web Access (TWA) Remote User Credential Dump

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.