USB device privilege escalation

Started by Dieselboy, August 23, 2021, 02:47:11 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Dieselboy

August 23, 2021, 02:47:11 AM
1. plug in a usb device that is recognised as a razer mouse
2. windows automatically downloads the installer and prompts you where to store it
3. instead of saving the file, right click within explorer and "open powershell window here"
4. powershell is now running as system admin - do what you want

reference: https://www.bleepingcomputer.com/news/security/razer-bug-lets-you-become-a-windows-10-admin-by-plugging-in-a-mouse/

In addition, you dont actually physically need a razer mouse to do this, you can use a rooted android device to run a script to pretend to be the razer mouse. The vulnerability is because plug n play runs as the root user but then gives control back to the human with privilege escalation. Apparently the downloaded fiile can also be called after the event to regain privilege.

deanwebb

#1
August 23, 2021, 08:30:56 AM
:caine:

So we don't even need a registry hack, just a magic mouse... as long as you never install the driver, you can get those admin rights that the security guys said you weren't cool enough to have!
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.
Print
Go Up Pages1
User actions