Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

TeamViewer 11 < 13 (Windows 10 x86) - Inline Hooking / Direct Memory Modification Permission Change

🗓️ 04 Dec 2017 00:00:00Reported by gellinType 
exploitdb
 exploitdb🔗 www.exploit-db.com👁 31 Views

Injectable C++ DLL for modifying TeamViewer permissions using inline hooking and direct memory modification. Enables extra menu items and control of mouse on server and client. Utilizes signature scanning and applies inline hooks for modification. Developed for educational purposes.

Code
# TeamViewer Permissions Hook V1
---
[![License](http://img.shields.io/badge/license-MIT-green.svg)](https://github.com/gellin/TeamViewer_Permissions_Hook_V1/blob/master/LICENSE)

**A proof of concept injectable C++ DLL, that uses naked inline hooking and direct memory modification to change TeamViewer permissions.**

## Features
* **As the Server** - Enables extra menu item options on the right side pop-up menu. Most useful so far to enable the "switch sides" feature which is normally only active after you have already authenticated control with the client, and initiated a change of control/sides.
* **As the Client** - Allows for control of mouse with disregard to servers current control settings and permissions.

## Demo

#### As the Server
![](https://raw.githubusercontent.com/gellin/TeamViewer_Permissions_Hook_V1/84b3aecd8f65f138989d460740b52195f0b1e1ac/server_switch_sides.gif)

#### Client
![](https://raw.githubusercontent.com/gellin/TeamViewer_Permissions_Hook_V1/84b3aecd8f65f138989d460740b52195f0b1e1ac/client_takes_control.gif)

## Rundown
* Utilizes signature/pattern scanning to dynamically locate key parts in the code at which the assembly registers hold pointers to interesting classes. Applies inline naked hooks a.k.a code caves, to hi-jack the pointers to use for modification via direct memory access to their reversed classes.
* Inject and follow the steps

## Requirements
* Your favorite Manual Mapper, PE Loader, DLL Injector, inject into - "TeamViewer.exe"
* This version was Built on Windows 10, for TeamViewer x86 Version 13.0.5058 - (Other versions of TeamViewer have not been tested but with more robust signatures it may work, linux not supported)

## Disclaimer
* Developed for educational purposes as a proof of concept for testing. I do not condone the or support the use of this software for unethical or illicit purposes. No responsibility is held or accepted for misuse.

## Credit
[@timse93](https://github.com/timse93) - Research and Testing

## EDB-Note
Download ~ https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/43366.zip

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
04 Dec 2017 00:00Current
7.4High risk
Vulners AI Score7.4
teamviewerwindows 10inline hookingdirect memory modificationc++dllmenu optionsmouse controlsignature scanningeducationalproof of conceptresearch
31