0day.today - Biggest Exploit Database in the World.

Select your language:

Things you should know about 0day.today:

We use one main domain: http://0day.today
Most of the materials is completely FREE
If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD

We accept currencies: [contact admin to find more]

We don't want you to use our site as a tool for hacking purposes, so any kind of action that could affect illegaly other users or websites that you don't have right to access will be banned and your account including your data will be destroyed.

Administration of this site uses the official contacts. Beware of impostors!

We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!

I am registered user of 0day.today. I don't want to see this screen in future.

What to do first?

Read the [ agreement ]
Read the [ Submit ] rules
Visit the [ faq ] page
[ Register ] profile
Get [ GOLD ]
If you want to [ sell ]
If you want to [ buy ]
If you lost [ Account ]
Any questions [ admin@0day.today ]

Main links

You can contact us by

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

[ authorization ] [ registration ] [ restore account ]

You can contact us by:

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

WSearch service (windows) - persistence backdooring + privilege escalation Exploit

[ 0Day-ID-26154 ]

Full title

WSearch service (windows) - persistence backdooring + privilege escalation Exploit [ Highlight ]

Highlight - is paid service, that can help to get more visitors to your material.

Price:

Date add

27-10-2016

Category

local exploits

Platform

windows

Verified

Price

free

Risk

[

Security Risk Critical

]

Rel. releases

Description

Vendor: Microsoft WSearch (windows indexing) service [SearchIndexer.exe]
Vulnerability Type: Persistence backdooring + Privilege Escalation
Versions Affected: Windows XP, VISTA, 7, 8, 9, 10
Severity: critical

Description:
The WSearch service uses one executable.exe set in binary_path_name and runs it has
local/system at startup, this enables local privilege_escalation/persistence_backdooring.
To exploit this vulnerability a local attacker needs to replace the executable into the binary_path_name
of the service. 'Rebooting the system or restarting the service will run the malicious executable with
elevated privileges.

Credits:
vuln/module author: r00t-3xp10it
help debugging: milton@barra
module article: Chaitanya Haritash

Usage info

1º - exploit target system with one meterpreter payload (open session)
2º - build new payload called: SearchIndexer.exe (2º payload to send to target)
3º - start conrrespondent handler to wait for the 2º payload connection.
4º - use post/windows/escalate/persist_priv_Wsearch (set options required)
5º - set UPLOAD_PATH /root/SearchIndexer.exe (2º payload to send to target)
6º - exploit

Vendor

www.microsoft.com

Affected ver

Windows XP, VISTA, 7, 8, 9, 10

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

WSearch service (windows) - persistence backdooring + privilege escalation Exploit

Report Error

Report Error