Jump to content

Natsumi

Members
  • Content Count

    9
  • Joined

  • Last visited

Community Reputation

0 Neutral

About Natsumi

  • Rank
    New Member

Profile Information

  • Location
    United Kingdom
  • Interests
    Anti-Malware, C#, Web-Applications, Pentesting

Recent Profile Visitors

92 profile views
  1. Sorry for reviving the thread just checked and it seems that this issue also affects the installer of your MBAM VPN, just thought I'd mention it in-case your product team only review the main AV installer At-least this vulnerability only affects the installer and not your installed product service unlike some of your VPN competitors
  2. For an example I'm just posting a screenshot of a backdoor remote shell using TCP that communicates via NetCat on localhost: Context: 1. I added the remote backdoor and copied it to "C:\Program.exe" 2. I ran the MBAM installer 3. Windows mis-interpreted the service location and ran my backdoor (Also deny malwarebytes installation) 4. The backdoor communicated to LOCALHOST and gave me (myself in this case) SYSTEM privs
  3. Hi all, new here so sorry if it's wrong to post bugs in this section (My bad) :) I noticed that during an installation of MBAM premium trial, the installation process creates a service that will be ran as NT/SYSTEM but doesn't quote it's process path. This is a Unquoted service path vulnerability that can elevate a user with write access to the C:\ drive to NT/SYSTEM. Reference for this vector: https://www.commonexploits.com/unquoted-service-paths/. I've attached a video of me demonstrating the vulnerability. To exploit this vulnerability, an attacker would have to:
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.