vendor: Team Helpdesk
by: bhamb (ccb3b72@gmail.com)
N/A
CVSS
N/A
Remote User Credential Dump
N/A
CWE
Product Name: Team Helpdesk
Affected Version From: 8.3.5
Affected Version To: 8.3.5
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 2008 R2
2014
Team Helpdesk Customer Web Service (CWS) Remote User Credential Dump exploit & Team Helpdesk Technician Web Access (TWA) Remote User Credential Dump exploit
This exploit allows an attacker to dump user credentials from Team Helpdesk Customer Web Service (CWS) and Team Helpdesk Technician Web Access (TWA). The user_cred_dump_cws.py and user_cred_dump_twa.py scripts dump the credentials, and the decrypt_cws.py and decrypt_twa.py scripts decrypt the encrypted passwords. The exploit was tested on Windows 2008 R2.
Mitigation:
The vendor has released a patch to address this vulnerability.