Backdoor.Win32.RemoteManipulator.brr Insecure Permissions


Backdoor.Win32.RemoteManipulator.brr malware suffers from an insecure permissions vulnerability.

Exploit/PoC:

C:\>cacls C:\eaKVB87.tmp
C:\eaKVB87.tmp BUILTIN\Administrators:(OI)(CI)(ID)F
NT AUTHORITY\SYSTEM:(OI)(CI)(ID)F
BUILTIN\Users:(OI)(CI)(ID)R
NT AUTHORITY\Authenticated Users:(ID)C
NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(ID)C



C:\>cacls C:\eaKVB87.tmp\taskhosteo.exe
C:\eaKVB87.tmp\taskhosteo.exe BUILTIN\Administrators:(ID)F
NT AUTHORITY\SYSTEM:(ID)F
BUILTIN\Users:(ID)R
NT AUTHORITY\Authenticated Users:(ID)C

Directory of c:\eaKVB87.tmp

03/27/2017 01:38 AM 42,320 citoCavb.vbs
01/27/2021 08:36 PM 0 N0731337.bak
03/21/2017 08:11 PM 3,968,512 taskhosteo.exe
09/01/2016 07:44 AM 1,639,336 vp8encoder.dll
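
Reading the ACLs above: in cacls output F is full control, C is change (write) and R is read, so the entries that matter are the C grants to NT AUTHORITY\Authenticated Users on both the directory and taskhosteo.exe. The following is an added example, not part of the original advisory, that parses the cacls output shown above and lists write-capable entries held by principals outside an expected set. The function names and the TRUSTED set are assumptions made for illustration.

```python
import re

# cacls output copied from the PoC above (raw strings keep the backslashes).
DIR_PATH = r"C:\eaKVB87.tmp"
DIR_ACL = r"""C:\eaKVB87.tmp BUILTIN\Administrators:(OI)(CI)(ID)F
NT AUTHORITY\SYSTEM:(OI)(CI)(ID)F
BUILTIN\Users:(OI)(CI)(ID)R
NT AUTHORITY\Authenticated Users:(ID)C
NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(ID)C
"""
EXE_PATH = r"C:\eaKVB87.tmp\taskhosteo.exe"
EXE_ACL = r"""C:\eaKVB87.tmp\taskhosteo.exe BUILTIN\Administrators:(ID)F
NT AUTHORITY\SYSTEM:(ID)F
BUILTIN\Users:(ID)R
NT AUTHORITY\Authenticated Users:(ID)C
"""

# Assumption: only these principals are expected to hold write access.
TRUSTED = {"BUILTIN\\Administrators", "NT AUTHORITY\\SYSTEM"}
WRITE_PERMS = {"W", "C", "F"}  # cacls letters: Write, Change, Full control

# principal:(FLAG)(FLAG)...PERM, e.g. BUILTIN\Users:(OI)(CI)(ID)R
ACE_RE = re.compile(r"^(?P<who>[^:]+):(?P<flags>(?:\([A-Z]+\))*)(?P<perm>[NRWCF])$")

def parse_cacls(path, output):
    """Return one dict per ACE in cacls output for `path`."""
    aces = []
    for line in output.splitlines():
        line = line.strip()
        if line.lower().startswith(path.lower()):
            line = line[len(path):].strip()  # first line is prefixed with the path
        m = ACE_RE.match(line)
        if not m:
            continue  # blank or unrecognised line
        flags = re.findall(r"\(([A-Z]+)\)", m["flags"])
        # (IO) = inherit only: the ACE applies to children, not the object itself
        scope = "children" if "IO" in flags else "object"
        aces.append({"principal": m["who"], "perm": m["perm"],
                     "flags": flags, "scope": scope})
    return aces

def risky_aces(path, output):
    """ACEs that let a principal outside TRUSTED modify the object or its children."""
    return [a for a in parse_cacls(path, output)
            if a["perm"] in WRITE_PERMS and a["principal"] not in TRUSTED]

if __name__ == "__main__":
    for path, acl in ((DIR_PATH, DIR_ACL), (EXE_PATH, EXE_ACL)):
        for ace in risky_aces(path, acl):
            print(f"{path}: {ace['principal']} has {ace['perm']} ({ace['scope']})")
```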