Date: Fri, 8 Jan 2021 10:31:06 +0000
From: bo0od <bo0od@...eup.net>
To: fulldisclosure@...lists.org
Subject: Re: [FD] Backdoor.Win32.Xtreme.yvp / Insecure Permissions EoP

When you say backdoor, do you mean a backdoor which Microsoft is remotely
using, or do you mean one that malware can take advantage of?

malvuln:
> Discovery / credits: malvuln - Malvuln.com (c) 2021
> Original source:
> https://malvuln.com/advisory/7bd93c10c9373cfc2bcc8eff712631f1.txt
> Contact: malvuln13@...il.com
> Media: twitter.com/malvuln
> 
> Threat: Backdoor.Win32.Xtreme.yvp
> Vulnerability: Insecure Permissions EoP
> Description: Change permissions are granted to authenticated users,
> allowing privilege escalation.
> Type: PE32
> MD5: 7bd93c10c9373cfc2bcc8eff712631f1
> Vuln ID: MVID-2021-0017
> Dropped files: System.exe
> Disclosure: 01/08/2021
> 
> Exploit/PoC:
> C:\>cacls C:\SystemG\System.exe
> C:\SystemG\System.exe BUILTIN\Administrators:(ID)F
>                        NT AUTHORITY\SYSTEM:(ID)F
>                        BUILTIN\Users:(ID)R
>                        NT AUTHORITY\Authenticated Users:(ID)C
> 
> 
> Disclaimer: The information contained within this advisory is supplied
> "as-is" with no warranties or guarantees of fitness of use or otherwise.
> Permission is hereby granted for the redistribution of this advisory,
> provided that it is not altered except by reformatting it, and that due
> credit is given. Permission is explicitly given for insertion in
> vulnerability databases and similar, provided that due credit is given to
> the author. The author is not responsible for any misuse of the information
> contained herein and accepts no responsibility for any damage caused by the
> use or misuse of this information. The author prohibits any malicious use
> of security related information or exploits by the author or elsewhere. Do
> not attempt to download Malware samples. The author of this website takes
> no responsibility for any kind of damages occurring from improper Malware
> handling or the downloading of ANY Malware mentioned on this website or
> elsewhere. All content Copyright (c) Malvuln.com (TM).
> 
> _______________________________________________
> Sent through the Full Disclosure mailing list
> https://nmap.org/mailman/listinfo/fulldisclosure
> Web Archives & RSS: http://seclists.org/fulldisclosure/
> 
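
An added example, not part of the original advisory or thread: a Python parser for the `cacls` output quoted above that flags entries giving broad groups write-level rights to the file. The watch list of group names and the function names are assumptions of this example.

```python
import re

# Groups that contain ordinary, unprivileged accounts (assumed watch list).
BROAD_PRINCIPALS = {
    "everyone",
    "builtin\\users",
    "nt authority\\authenticated users",
    "nt authority\\interactive",
}
# cacls rights letters that let the holder modify or replace the file.
WRITE_RIGHTS = {"W": "Write", "C": "Change", "F": "Full control"}

# principal:(FLAG)(FLAG)R  -- the (ID) flag marks an inherited entry.
ACE_RE = re.compile(r"^(?P<who>[^:]+):(?P<flags>(?:\([A-Z]+\))*)(?P<right>[NRWCF])$")


def parse_cacls(path, output):
    """Return (principal, inherited, right) for each simple ACE in cacls output."""
    aces = []
    for line in output.splitlines():
        line = line.strip()
        if line.lower().startswith(path.lower()):
            line = line[len(path):].strip()  # first line is prefixed by the path
        m = ACE_RE.match(line)
        if m:
            aces.append((m["who"], "(ID)" in m["flags"], m["right"]))
    return aces


def weak_aces(path, output):
    """ACEs that give a broad group write-level access to the file."""
    return [
        (who, WRITE_RIGHTS[right], inherited)
        for who, inherited, right in parse_cacls(path, output)
        if who.lower() in BROAD_PRINCIPALS and right in WRITE_RIGHTS
    ]


# Output quoted in the advisory above, reproduced as sample input.
SAMPLE = r"""C:\SystemG\System.exe BUILTIN\Administrators:(ID)F
                       NT AUTHORITY\SYSTEM:(ID)F
                       BUILTIN\Users:(ID)R
                       NT AUTHORITY\Authenticated Users:(ID)C
"""

if __name__ == "__main__":
    for who, right, inherited in weak_aces(r"C:\SystemG\System.exe", SAMPLE):
        src = "inherited from the parent" if inherited else "set on the file"
        print(f"{who}: {right} ({src})")
```

Every entry in the quoted output carries `(ID)`, so the Change right comes from the ACL of the containing folder rather than from the file itself.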
