2 Cent About Team Viewer Buddies

Nowadays TeamViewer (TV) is one of the best remote desktop application, its use is widely diffused in all the net from private customers to business. Apparently it seems to be bug free but with a bit of Social Engineering it could become an open windows on your system an your TV buddies. Let’s immaginate a scenario where the attacker has got access to a victim’s pc with TV installed he could copy the TV registry keys where the buddies password are stored in order to gain access also to their machines. The buddies settings are saved in the following keys:

HKEY_CURRENT_USER\Software\TeamViewer\Version5", "BuddyLoginName"
HKEY_CURRENT_USER\Software\TeamViewer\Version5", "BuddyLoginPWAES"

User and password are encrypted with AES but this is not a real problem because you can directly copy the keys into your registry and the job is done, now you can login on TV buddies with the victim account if they are using a default password of course.

It’s also possible to debug TV to decrypt the passwords at fly but is boring, I choose to use WinHex to check the process memory with an adequate pattern.

This byte sequence should help to land very close to the decrypted password.

77006C006D00610069006C002E006500780065

The “bug”, as always, is located at half road between the monitor and the back of the chair, this is the concept where the social engineering is focused. I wont go over the lines but todays this type of hoax is the best tool that the hackers can use to gain informations or exploit their target. So be carefull when you store your password somewhere.


		
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s