Escalating Local Privileges Using Mobile Partner

Mobile Partner is a very popular piece of software that ships with Huawei internet dongles. Recently I noticed that the “Mobile Partner” directory and all of its subdirectories and files have, by default, full permissions granted to the Users group. This means that any user on your system can plant a malicious executable and escalate privileges when the Administrator runs Mobile Partner. Why not bind the exe using msfpayload or msfvenom? 😉

Proof of Concept

By default in my dongle I had Mobile Partner 11.302.09.00.03, and if you are using versions below you might find out that this folder and its contents have been granted full permissions not only to the Users group but also to Everyone, which means any random user can plant anything inside this directory.

C:\Program Files (x86)>cacls "Mobile Partner"
C:\Program Files (x86)\Mobile Partner Everyone:(OI)(CI)F
                                      BUILTIN\Users:(OI)(CI)F
                                      NT SERVICE\TrustedInstaller:(ID)F
                                      NT SERVICE\TrustedInstaller:(CI)(IO)(ID)F

                                      NT AUTHORITY\SYSTEM:(ID)F
                                      NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(ID)F
                                      BUILTIN\Administrators:(ID)F
                                      BUILTIN\Administrators:(OI)(CI)(IO)(ID)F
                                      CREATOR OWNER:(OI)(CI)(IO)(ID)F
                                      APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(ID)R
                                      APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(OI)(CI)(IO)(ID)(special access:)

                             GENERIC_READ

                             GENERIC_EXECUTE

C:\Program Files>cd "Mobile Partner"

C:\Program Files (x86)\Mobile Partner>cacls "Mobile Partner.exe"
C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe Everyone:F
                                                         BUILTIN\Users:F
                                                         NT AUTHORITY\SYSTEM:(ID)F
                                                         BUILTIN\Administrators:(ID)F
                                                         APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(ID)R
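
A defender's check for the condition shown above, added here as an example and not code from the original post: it parses cacls output and reports ACEs that give Everyone, Users or Authenticated Users write-level access. The principal list, the special-access name match and the function names are assumptions; the sample input is the post's directory listing, abbreviated.

```python
import re

# Principals that cover every ordinary local account (assumed list, extend as needed).
BROAD = {"everyone", "builtin\\users", "nt authority\\authenticated users"}
# cacls simple rights that let a user replace or plant files: Full, Change, Write.
WRITABLE = {"F", "C", "W"}

def parse_cacls(path, output):
    """Turn the output of `cacls <path>` into a list of ACE dicts."""
    aces = []
    for raw in output.splitlines():
        line = raw.strip()
        if line.startswith(path):            # the first line repeats the path
            line = line[len(path):].strip()
        if not line:
            continue
        who, sep, rest = line.partition(":")
        if not sep:                          # bare name: a "special access" right
            if aces:
                aces[-1]["special"].append(line)
            continue
        flags = re.findall(r"\(([A-Z]{2})\)", rest)      # OI, CI, IO, ID
        right = re.sub(r"\([^)]*\)", "", rest).strip()   # F, C, W, R or ""
        aces.append({"who": who, "flags": flags, "right": right, "special": []})
    return aces

def risky_aces(aces):
    """Return the ACEs that give a broad group write-level access."""
    hits = []
    for ace in aces:
        writable = ace["right"] in WRITABLE or any(
            s == "GENERIC_ALL" or "WRITE" in s for s in ace["special"])
        if ace["who"].lower() in BROAD and writable:
            hits.append(ace)
    return hits

# Sample input: the directory listing shown in the post, abbreviated.
SAMPLE_PATH = r"C:\Program Files (x86)\Mobile Partner"
SAMPLE = r"""C:\Program Files (x86)\Mobile Partner Everyone:(OI)(CI)F
                                      BUILTIN\Users:(OI)(CI)F
                                      NT AUTHORITY\SYSTEM:(ID)F
                                      BUILTIN\Administrators:(ID)F
                                      APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(OI)(CI)(IO)(ID)(special access:)

                             GENERIC_READ

                             GENERIC_EXECUTE
"""

if __name__ == "__main__":
    for ace in risky_aces(parse_cacls(SAMPLE_PATH, SAMPLE)):
        print(f"{ace['who']}: {ace['right']} {ace['flags']}")
```

An installer that leaves no such ACE on its program directory produces an empty result from risky_aces.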


Xilisoft Video Converter Ultimate DLL Hijacking

Overview of Xilisoft Video Converter Ultimate

Xilisoft Video Converter Ultimate is a professional video converter which supports a wide range of video and audio formats. I personally love this software since it uses GPU acceleration in converting videos.

It is on the high side of premium video converters for home use. It automatic profiles enhanced for just any device or format, graphics card detection and acceleration.
-CNET
