|
Post by 101 on Jun 12, 2012 10:58:14 GMT -5
Hi reg QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\eMingSoftware\NetPeeker\" HKEY_LOCAL_MACHINE\SOFTWARE\eMingSoftware\NetPeeker CheckUpdate REG_DWORD 0x1 AlwaysOnTop REG_DWORD 0x0 AutoRemove REG_DWORD 0x1 AutoRemoveTime REG_DWORD 0x78 HomePage REG_SZ www.net-peeker.com/ InstallDir REG_SZ C:\NetPeeker LocalNetList REG_SZ 10.0.0.0/255.0.0.0, 192.168.0.0/255.255.0.0 RunAtStart REG_DWORD 0x1 SpeedGraphTimeRange REG_DWORD 0x2 Version REG_SZ 3.40.0.1102 Authentication REG_SZ CCD87C0E9326EE3D ShowSessions REG_DWORD 0x1 An administrator can reset the password with Authentication="" However, users without admin rights cannot use the same trick. I've found a simple way to bypass "Net-Peeker Authenticate". The configuration is allocated in a static structure in memory. Find this structure, overwrite the password with NULL bytes. That's cool for a recovery but... a local user could exploit this weakness to modify settings. Regards,
|
|