Jump to content

Hacker Technology

A group blog by Leader in Hacker Website - Providing Professional Ethical Hacking Services

  • Entries

    16114

  • Comments

    7952

  • Views

    86385006

Contributors to this blog

  • HireHackking 16114

About this blog

Hacking techniques include penetration testing, network security, reverse cracking, malware analysis, vulnerability exploitation, encryption cracking, social engineering, etc., used to identify and fix security flaws in systems.

HireHackking 
# Exploit Title: Bandwidth Monitor 3.9 - 'Svc10StrikeBandMontitor' Unquoted Service Path
# Exploit Author: Bobby Cooke
# Date: 2020-07-15
# Vendor Site: https://www.10-strike.com/
# Software Download: https://www.10-strike.com/bandwidth-monitor/bandwidth-monitor.exe
# Tested On: Windows 10 - Pro 1909 (x86)
# Version: Version 3.9

# Vulnerability Type: 
# Local Privilege Escalation to LocalSystem by Unquoted Service Path.

# Vulnerability Description:
# The 10-Strike Bandwidth Monitor v3.9 services "Svc10StrikeBandMontitor", "Svc10StrikeBMWD", and "Svc10StrikeBMAgent" suffer 
# from unquoted service path vulnerabilities that allow attackers to achieve Privilege Escalation to SYSTEM, at startup, 
# by placing a malicious binary in the truncated service path; such as "C:\Program.exe".

C:\Users\boku>wmic service get name,pathname,startmode,StartName | findstr "10-Strike Bandwidth Monitor"
Svc10StrikeBandMonitor    C:\Program Files\10-Strike Bandwidth Monitor\BMsvc.exe          Auto   LocalSystem
Svc10StrikeBMWD           C:\Program Files\10-Strike Bandwidth Monitor\BMWDsvc.exe        Auto   LocalSystem
Svc10StrikeBMAgent        C:\Program Files\10-Strike Bandwidth Monitor Agent\BMAgent.exe  Auto   LocalSystem