Forwarded from TechToday News
#Windows #Security #Exploit #Article
Windows Exploitation Tricks: Arbitrary Directory Creation to Arbitrary File Read
In this post I’m going to give a technique to go from an arbitrary directory creation vulnerability to arbitrary file read. Arbitrary directory creation vulnerabilities do exist - for example, here’s one that was in the Linux subsystem - but it’s not always obvious how you’d exploit such a bug in contrast to arbitrary file creation where a DLL is dropped somewhere. You could abuse DLL Redirection support where you create a directory called program.exe.local to do DLL planting, but that’s not always reliable as you’ll only be able to redirect DLLs not in the same directory (such as System32) and only ones which would normally go via Side-by-Side DLL loading.
https://googleprojectzero.blogspot.co.uk/2017/08/windows-exploitation-tricks-arbitrary.html
Final script on GitHub:
https://gist.github.com/tyranid/221bf08dd3ddb88ec33d2573a83482d0
googleprojectzero.blogspot.co.uk
Windows Exploitation Tricks: Arbitrary Directory Creation to Arbitrary File Read
Posted by James Forshaw, Project Zero For the past couple of months I’ve been presenting my “Introduction to Windows Logical Privilege ...
Forwarded from Группы/конференции (Groups/conferences)
Chat of the @R0_Crew channel
Security Related Links:
- Reverse Engineering;
- Malware Research;
- Exploit Development;
- Pentest;
- etc;
Invite Bot: @r0crew_bot
https://t.me/joinchat/AAAAAEPI6ZcpRAslyjQRbA
Forum: https://forum.reverse4you.org
Twitter: https://twitter.com/reverse4you_org
VK: https://vk.com/reverse_engineering
#security #malware #exploit #pentest
Forwarded from TechToday News
#Vulnerability #Exploit #Article
Exploiting the Magellan bug on 64-bit Chrome Desktop
In December 2018, the Tencent Blade Team released an advisory for a bug they named “Magellan”, which affected all applications using sqlite versions prior to 2.5.3. In their public disclosure they state that they successfully exploited Google Home using this vulnerability. Despite several weeks having passed after the initial advisory, no public exploit was released. We were curious about how exploitable the bug was and whether it could be exploited on 64-bit desktop platforms. Therefore, we set out to create an exploit targeting Chrome on 64-bit Ubuntu.
https://blog.exodusintel.com/2019/01/22/exploiting-the-magellan-bug-on-64-bit-chrome-desktop/
Exodus Intelligence
Exploiting the Magellan bug on 64-bit Chrome Desktop
In this post, we show how to reverse engineer the Magellan bug from the patch and exploit it on a 64bit desktop environment.
Forwarded from Заметки Хакер
🖥 Repository: Exploit Street, a guide to the new area of Windows LPE
Exploit Street is a useful repository that collects all known Windows vulnerabilities for 2023 and 2024.
- This repository is a place where we dive into the ever-changing world of cybersecurity, with a particular focus on local privilege escalation (LPE) exploits targeting Windows systems.
⏺ GitHub link (https://github.com/MzHmO/Exploit-Street)
#Exploit #Windows #Vulnerability
@hackernews_lib