
windows-certificate-dialog

CVE-2019-1388

Exploit

  • Run hhupd.exe as an administrator from the menu.

  • Next, click "Show information about the publisher's certificate".

  • In the Details tab, we can see that the SpcSpAgencyInfo field is populated.

  • Switch to the General tab and see that the "Issued by" field is populated with a hyperlink. Click it, then click OK to close the certificate dialog box.

  • If we open Task Manager, we will see that the browser (Chrome) instance was launched as SYSTEM.

  • Now, click anywhere on the web page and choose "View page source".

  • Once the page source is open in another tab, right-click again and select "Save as"; the "Save as" dialog box will open.

  • At this point, we can launch any program by entering "c:\windows\system32\cmd.exe" in the file path and pressing Enter.
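A defender-side check for the behaviour in the steps above, as an added example that is not part of the original page: it flags a browser process running as SYSTEM and any SYSTEM process that such a browser spawns. The events are constructed samples using Sysmon Event ID 1 field names; the browser list and the function name are assumptions.

```python
import ntpath

# Assumption: browser image names to watch; extend for your environment.
BROWSERS = {"chrome.exe", "msedge.exe", "iexplore.exe", "firefox.exe"}
SYSTEM_USER = "NT AUTHORITY\\SYSTEM"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"

# Constructed process-creation records (Sysmon Event ID 1 field names).
SAMPLE_EVENTS = [
    # Normal: the user's own browser and a shell started from it.
    {"ProcessGuid": "g1", "ParentProcessGuid": "g0", "User": "LAB\\alice",
     "Image": CHROME, "ParentImage": r"C:\Windows\explorer.exe"},
    {"ProcessGuid": "g4", "ParentProcessGuid": "g1", "User": "LAB\\alice",
     "Image": r"C:\Windows\System32\cmd.exe", "ParentImage": CHROME},
    # Suspicious: browser running as SYSTEM, opened from the elevation prompt.
    {"ProcessGuid": "g2", "ParentProcessGuid": "g9", "User": SYSTEM_USER,
     "Image": CHROME, "ParentImage": r"C:\Windows\System32\consent.exe"},
    # Suspicious: program launched as SYSTEM from that browser's file dialog.
    {"ProcessGuid": "g3", "ParentProcessGuid": "g2", "User": SYSTEM_USER,
     "Image": r"C:\Windows\System32\cmd.exe", "ParentImage": CHROME},
]


def _name(path):
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path or "").lower()


def find_system_browser_activity(events):
    """Return (rule, ProcessGuid) alerts, in event order."""
    alerts = []
    system_browsers = set()  # ProcessGuids of browsers seen running as SYSTEM
    for ev in events:
        is_system = ev.get("User", "").upper() == SYSTEM_USER
        if is_system and _name(ev.get("Image")) in BROWSERS:
            # A web browser should never run under the SYSTEM account.
            system_browsers.add(ev["ProcessGuid"])
            alerts.append(("browser_as_system", ev["ProcessGuid"]))
        elif is_system and ev.get("ParentProcessGuid") in system_browsers:
            # Anything a SYSTEM browser starts inherits SYSTEM privileges.
            alerts.append(("child_of_system_browser", ev["ProcessGuid"]))
    return alerts


if __name__ == "__main__":
    for rule, guid in find_system_browser_activity(SAMPLE_EVENTS):
        print(f"ALERT {rule}: ProcessGuid={guid}")
```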
