
24 changes to exploits/shellcodes

HP Display Assistant x64 Edition 3.20 - 'DTSRVC' Unquoted Service Path
KMSpico 17.1.0.0 - 'Service KMSELDI' Unquoted Service Path
Winstep 18.06.0096 - 'Xtreme Service' Unquoted Service Path
OKI sPSV Port Manager 1.0.41 - 'sPSVOpLclSrv' Unquoted Service Path
IPTInstaller 4.0.9 - 'PassThru Service' Unquoted Service Path
Genexus Protection Server 9.6.4.2 - 'protsrvservice' Unquoted Service Path
DigitalPersona 4.5.0.2213 - 'DpHostW' Unquoted Service Path
Syncplify.me Server! 5.0.37 - 'SMWebRestServicev5' Unquoted Service Path
HP WMI Service 1.4.8.0 - 'HPWMISVC.exe' Unquoted Service Path
Motorola Device Manager 2.4.5 - 'ForwardDaemon.exe ' Unquoted Service Path
Motorola Device Manager 2.5.4 - 'MotoHelperService.exe' Unquoted Service Path
Motorola Device Manager 2.5.4 - 'ForwardDaemon.exe ' Unquoted Service Path
Realtek Andrea RT Filters 1.0.64.10 - 'AERTSr64.EXE' Unquoted Service Path
MEMU PLAY 3.7.0 - 'MEmusvc' Unquoted Service Path
Magic Mouse 2 utilities 2.20 - 'magicmouse2service' Unquoted Service Path
iDeskService 3.0.2.1 - 'iDeskService' Unquoted Service Path
Canon Inkjet Extended Survey Program 5.1.0.8 - 'IJPLMSVC.EXE' - Unquoted Service Path
Deep Instinct Windows Agent 1.2.24.0 - 'DeepNetworkService' Unquoted Service Path
RealTimes Desktop Service 18.1.4 - 'rpdsvc.exe' Unquoted Service Path
DiskBoss v11.7.28 - Multiple Services Unquoted Service Path
Privacy Drive v3.17.0 - 'pdsvc.exe' Unquoted Service Path
Genexis Platinum-4410 P4410-V2-1.28 - Broken Access Control and CSRF
SuiteCRM 7.11.15 - 'last_name' Remote Code Execution (Authenticated)
Joplin 1.2.6 - 'link' Cross Site Scripting
# Exploit Title: Deep Instinct Windows Agent 1.2.24.0 - 'DeepNetworkService' Unquoted Service Path
# Discovery by: Paulina Girón
# Discovery Date: 2020-11-07
# Vendor Homepage: https://www.deepinstinct.com/
# Software Links : https://www.deepinstinct.com/2019/05/22/hp-collaborates-with-deep-instinct-to-roll-out-ai-powered-malware-protection-for-next-generation-hp-elitebook-and-zbook-pcs/
# Tested Version: 1.2.24.0
# Vulnerability Type: Unquoted Service Path
# Tested on OS: Microsoft Windows 10 Pro 64 bits

1)

C:\> wmic service get name, pathname, displayname, startmode | findstr "Auto" | findstr /i /v "C:\Windows\\" | findstr /i "DeepNetworkService" | findstr /i /v """

Deep Instinct Network Service    DeepNetworkService    C:\Program Files\HP Sure Sense\DeepNetworkService.exe    Auto

2)

C:\> sc qc "DeepNetworkService"

[SC] QueryServiceConfig CORRECTO

NOMBRE_SERVICIO: DeepNetworkService
        TIPO               : 10  WIN32_OWN_PROCESS
        TIPO_INICIO        : 2   AUTO_START
        CONTROL_ERROR      : 1   NORMAL
        NOMBRE_RUTA_BINARIO: C:\Program Files\HP Sure Sense\DeepNetworkService.exe
        GRUPO_ORDEN_CARGA  : FSFilter Anti-Virus
        ETIQUETA           : 0
        NOMBRE_MOSTRAR     : Deep Instinct Network Service
        DEPENDENCIAS       :
        NOMBRE_INICIO_SERVICIO: LocalSystem

# Description Exploit:
# A successful attempt would require the local user to be able to insert their code in the system root path
# undetected by the OS or other security applications where it could potentially be executed during
# application startup or reboot. If successful, the local user's code would execute with the elevated
# privileges of the application.
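
An added example (not part of the original advisory): a Python audit helper that takes service name and binary path pairs, such as those exported with `wmic service get name,pathname`, flags unquoted paths containing spaces, lists the earlier file locations Windows resolves first so they can be checked for unexpected executables, and produces the quoted value to set. The function names and the two extra sample services are assumptions made for illustration.

```python
import re

# (service name, binary path as stored in the service's ImagePath value).
# The first entry is the path reported above; the other two are constructed.
SAMPLE = [
    ("DeepNetworkService", r"C:\Program Files\HP Sure Sense\DeepNetworkService.exe"),
    ("QuotedSvc", r'"C:\Program Files\Example\svc.exe" -k run'),
    ("NoSpaceSvc", r"C:\Tools\svc.exe"),
]

_EXE = re.compile(r"^(.*?\.exe)(\s.*)?$", re.IGNORECASE)

def split_image_path(image_path):
    """Return (executable, arguments, quoted) for a service binary path."""
    p = image_path.strip()
    if p.startswith('"'):
        end = p.find('"', 1)
        if end != -1:
            return p[1:end], p[end + 1:].strip(), True
    m = _EXE.match(p)
    if m:
        return m.group(1), (m.group(2) or "").strip(), False
    return p, "", False

def ambiguous_candidates(exe):
    """Locations CreateProcess resolves before the intended binary when the
    path is unquoted: every space-delimited prefix with .exe appended."""
    parts = exe.split(" ")
    return [" ".join(parts[:i]) + ".exe" for i in range(1, len(parts))]

def audit(services):
    """Return one finding per unquoted executable path that contains a space."""
    findings = []
    for name, image_path in services:
        exe, args, quoted = split_image_path(image_path)
        if quoted or " " not in exe:
            continue
        findings.append({
            "service": name,
            "check_for_files": ambiguous_candidates(exe),
            "fixed_image_path": f'"{exe}"' + (f" {args}" if args else ""),
        })
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A file present at any `check_for_files` location is worth investigating, and `fixed_image_path` is the quoted form to write back to the service's `ImagePath` value.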