
13 changes to exploits/shellcodes

PCHelpWare V2 1.0.0.5 - 'SC' Denial of Service (PoC)
PCHelpWare V2 1.0.0.5 - 'Group' Denial of Service (PoC)
AdminExpress 1.2.5 - 'Folder Path' Denial of Service (PoC)
Zoho ManageEngine ADManager Plus 6.6 (Build < 6659) - Privilege Escalation
Microsoft Windows 10 1809 / 1709 - CSRSS SxSSrv Cached Manifest Privilege Escalation
Microsoft Windows 10 1809 - LUAFV Delayed Virtualization MAXIMUM_ACCESS DesiredAccess Privilege Escalation
Microsoft Windows 10 1809 - LUAFV Delayed Virtualization Cross Process Handle Duplication Privilege Escalation
Microsoft Windows 10 1809 - LUAFV LuafvCopyShortName Arbitrary Short Name Privilege Escalation
Microsoft Windows 10 1809 - LUAFV NtSetCachedSigningLevel Device Guard Bypass
Microsoft Windows 10 1809 - LUAFV Delayed Virtualization Cache Manager Poisoning Privilege Escalation
Microsoft Windows 10 1809 - LUAFV PostLuafvPostReadWrite SECTION_OBJECT_POINTERS Race Condition Privilege Escalation
Zyxel ZyWall 310 / ZyWall 110 / USG1900 / ATP500 / USG40 - Login Page Cross-Site Scripting
Joomla Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion
# Exploit Title: Zoho ManageEngine ADManager Plus 6.6 (Build < 6659) Privilege Escalation
# Date: 15th April 2019
# Exploit Author: Digital Interruption
# Vendor Homepage: https://www.manageengine.co.uk/
# Version: 6.6 (Build 6658)
# Tested on: Windows Server 2012 R2
# CVE : CVE-2018-19374
Due to weak permissions setup on the bin, lib and tools directories within the ManageEngine installation directory, it is possible for any authenticated user to modify several core files.
To escalate privileges to that of LOCAL SYSTEM, drop a payload onto the system and then add a line to bin\ChangeJRE.bat to execute it every time the system is rebooted. |
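Review bot: The description paragraph ("Due to weak permissions setup on the bin, lib and tools directories...") names the affected directories but records neither the permission entries that make them writable by any authenticated user nor a fixed build, so a reader cannot confirm exposure or remediate from this file alone. Suggest adding the observed ACLs for bin, lib and tools, and reconciling the header with the title: "# Version: 6.6 (Build 6658)" gives only the tested build, while the title's "(Build < 6659)" implies the affected range and the first unaffected build. A short remediation line (restrict write access on those three directories to administrative accounts, and monitor bin\ChangeJRE.bat for modification) would make the entry usable for triage.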