Skip to content

zaphoxx/WatchTV

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits

README.md

README.md

 
 

WatchTV.ps1

WatchTV.ps1

 
 

Repository files navigation

WatchTV

Tool to extract TeamViewer encrypted passwords from Windows Registry exploiting CVE-2019-18988.

    #################L   .###############u
    ##################N.@################ *
    ##################################### '>.n=L
    ###############################RR#### 'b"  9
    ###########################R#"  .#### @   .*
    ########################^   .e#######P   e"
    #####################R#    o########P   @
    ###################P" .e> 4#" '####F  .F
    #################R  .###& '#   ####  .#>
    #################b.o#####  #N  "##" ."'>
    #########################  ##N  "^ .# '>
    ############## "########R  ###&    ## '>
    ##############  E"##P^9#E  ####   8## '>
    ##############  E  "  9#F  ####k .### '>
    ##############  E     9#N  ########## '>
    ##############  E     9##.u########## '>
    ############## o"     9############## d
    **************#       ***************
    ManniTV

This is based on CVE-2019-18988 from the blog post and scripts found here https://whynotsecurity.com/blog/teamviewer/. This is my first powershell script. So if you have any remarks or suggestions on how this could be improved, don't hesitate to tell me so!

Feel free to use this for legal purpose only (e.g. penetration tests, hack the box machines etc.). Do not use this tool for illegal purpose!

EXCLAIMER! Please use this only on machines where you have the authorization and permission to use this for. It would be illegal to use this out in the wild on machines where you do not have the authorization to do so. So please don't!

FileName: WatchTV.ps1
CVE: CVE-2019-18988
Author: Manfred Heinz (@zaphoxx,@manniTV)
Last Update: 26.03.2020
Licens: GNU GPLv3
Required Dependencies: None
Optional Dependencies: None
References:
    "https://whynotsecurity.com/blog/teamviewer/
    https://gist.github.com/ctigeek/2a56648b923d198a6e60
    https://vulmon.com/vulnerabilitydetails?qid=CVE-2019-18988
    
.SYNOPSIS
    The main purpose of this script is to retrieve TeamViewers encrypted
    passwords from the Windows registry and to decrypt them.
.DESCRIPTION
    The script uses a predefined set of registry locations and properties.
    This whole script is mainly based on the description and scripts provided
    on https://whynotsecurity.com/blog/teamviewer/. I just thought a powershell
    version for this windows specific task would be nice to have.
.EXAMPLE
    Just run "Get-TeamViewPasswords"

About

Tool to extract TeamViewer encrypted passwords from Windows Registry

Resources

Readme
Activity

Stars

2 stars

Watchers

2 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages