![]() Looking at the DACL on that folder, it also stood out that that “BUILTIN\Users” had write access: When applying the Process Monitor and watching the output for a few minutes, it became apparent that “UploaderService.exe” was querying the “C:\ProgramData\Techsmith\TechSmith Recorder\QueuedPresentations” directory for any XML files: When hunting for such bugs, I often start with running Process Monitor with a filter on SYSTEM processes and commonly abused filesystem locations, such as C:\ProgramData, C:\Windows\Temp and C:\Users\\AppData. ![]() This logic is true in most logical vulnerabilities in that interesting attack surface is linked to a privileged process utilizing a resource a low privileged user controls. In order to quickly identify potential vulnerabilities that could be exploited with the linking primitives, we need to identify locations on the OS where a privileged process (often SYSTEM) is interacting with a folder or file that a low privileged user has control over. If nothing interesting is returned, the next step is often looking for logical vulnerabilities specifically abusing symlink/mountpoint/hardlink primitives. This process typically involves running a tool such as PowerUp, which will identify various trivial (yet common) misconfigurations. My approach often includes starting with the basics and working my way up in complexity. When assessing software for privilege escalation vulnerabilities, finding a starting point can often be overwhelming as there are many different primitives and vulnerability classes that exist. When it does so, the service will hit the symbolic link and write the new file into a protected location with permissions that allow the low privileged user full control over the contents, resulting in Elevation of Privilege to NT AUTHORITY\SYSTEM. ![]() When the service checks for presentations, it will move the file out of the QueuedPresentations folder and into the InvalidPresentations folder. Since a low privileged user has full control over the QueuedPresentations and InvalidPresentations folders, it is possible to create an invalid presentation in the QueuedPresentations folder and then place a symbolic link for that file name in the InvalidPresentations folder that points to a privileged location. If an invalid one is found, the service moves that file to “C:\ProgramData\Techsmith\TechSmith Recorder\InvalidPresentations” as SYSTEM. ![]() This vulnerability was found in conjunction with Marcus Sailler, Rick Romo and Gary Muller of Capital Group’s Security Testing TeamĮvery 30-60 seconds, the TechSmith Uploader Service (UploaderService.exe) checks the folder “C:\ProgramData\Techsmith\TechSmith Recorder\QueuedPresentations” for any presentation files in the “*.xml” format. Processor: 2.4 GHz Intel single core ( Dual core for video)processor or later.Vulnerability: SnagIt Relay Classic Recorder Local Privilege Escalation through insecure file move.Hard Disk Space: 1 GB of free space required.All in all, TechSmith SnagIt 2020 is a reliable application for recording the screen activities and to make stunning videos with having every aspect highly customized System Requirements For TechSmith Snagit 2019īefore you start TechSmith Snagit 2019, make sure your PC meets minimum system requirements. It can enhance your productivity even as quickly as creating professional presentations and wonderful documentation. This wonderful application offers integrated editors to edit, annotate and beautify your photos and the catalog browser to organize your documents. It has the ability to capture the entire screen or some specific area of the screen without any hard efforts. Then you can easily add text, watermark, images, and arrows or apply different effects and save the captured item to a file or share it immediately to YouTube, Facebook, and Twitter or over Email and FTP. TechSmith SnagIt 2020 is a fully-featured and award-winning screen capturing application that enables you to select and capture anything on your screen. The program comes with neat and clean interface with self-explanatory options enabling the users to effortlessly use the application. The application provides a wide range of useful tools that allows the users to perform creative image editing like resizing, cutting, annotating, coloring, framing and image combining as well as add other numerous effects such as perspective, shadows and page-curl. It is a powerful screen capturing and recording application offering a user-friendly environment with a variety of customizations and settings that can perform various screen recording operations. TechSmith SnagIt 2020 is a professional and well-known screen capturing and image manipulation application that allows you to easily create high-quality images and videos. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |