7 matches found
Arbitrary command execution on Windows
Description Opening files from an untrusted directory can lead to execution of arbitrary commands on Windows systems, this is possible by having a malicious file with the same name as a trusted executable, Windows gives priority to the current directory when searching for executables. Several...
ByeIntegrity-UAC - Bypass UAC By Hijacking A DLL Located In The Native Image Cache
Bypass User Account Control UAC to gain elevated Administrator privileges to run any program at a high integrity level. Requirements Administrator account UAC notification level set to default or lower How it works ByeIntegrity hijacks a DLL located in the Native Image Cache NIC. The NIC is used ...
Druva inSync Windows Client 6.6.3 CVE-2020-5752 - Local Privilege Escalation
Druva inSync Windows Client version 6.6.3 suffers from a local privilege escalation vulnerability. Exploit Title: Druva inSync Windows Client 6.6.3 - Local Privilege Escalation Date: 2020-05-21 Exploit Author: Matteo Malvica Credits: Chris Lyne for previous version's exploit Vendor Homepage:...
Cmd and Conquer: De-DOSfuscation with flare-qdb
When Daniel Bohannon released his excellent DOSfuscation paper, I was fascinated to see how tricks I used as a systems engineer could help attackers evade detection. I didn’t have much to contribute to this conversation until I had to analyze a hideously obfuscated batch file as part of my job on...
Newly Observed Ursnif Variant Employs Malicious TLS Callback Technique to Achieve Process Injection
Introduction TLS Thread Local Storage callbacks are provided by the Windows operating system to support additional initialization and termination for per-thread data structures. As previously reported, malicious TLS callbacks, as an anti-analysis trick, have been observed for quite some time and...
HP Data Protector - 'EXEC_BAR' Remote Command Execution
import argparse import socket """ Exploit Title: HP Data Protector EXECBAR Remote Command Execution Exploit Author: Chris Graham @cgrahamseven CVE: CVE-2013-2347 Date: February 14, 2014 Vendor Homepage: www.hp.com Version: 6.10, 6.11, 6.20 Tested On: Windows Server 2003, Windows Server 2008 R2...
EMC RepliStor Server Service DoASOCommand Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC RepliStor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DoRcvRpcCall RPC function exposed via the repsrv.exe process which listens by defaul...