Here’s a local privilege escalation exploit I wrote, as a Metasploit Meterpreter script, for the South River Technologies WebDrive Service Bad Security Descriptor vulnerability.
This vulnerability was discovered by bellick of the Nine:Situations:Group and the original advisory can be found on the Nine:Situations:Group web site – South River Technologies WebDrive Service Bad Security Descriptor Local Elevation Of Privileges.
As you can understand from the advisory, local elevation of privileges is possible due to bad (empty actually) security descriptor of the South River Technologies WebDrive service.
This exploit was inspired by MC’s HP PML Driver HPZ12 privilege escalation exploit.
In this exploit I’ve also added a mitigation option, which will set correct service security descriptor configuration for SRT WebDrive. Note that the vulnerability is still unpatched, exploit tested on the latest version of SRT WebDrive.
The exploit was successfully tested on the following platforms:
– South River Technologies WebDrive 9.02 build 2232 on Microsoft Windows XP SP3.
Download srt_webdrive_priv.rb.
Also on Metasploit and exploit-db.
References:
CVE-2009-4606
OSVDB 59080
BID 37955
exploit-db 9970
Categories: Exploits, Metasploit
1 Comments | 
Comments RSS | 
TrackBack URL
RSS 2.0
ATOM 1.0
RDF 1.0
Links OPML
OpenSearch
Stop writing modules, start answering emails! ;-)