Forums Desktop Info Vulnerability

    • #4085

      Hi, I want to report a vulnerability RELATED to DesktopInfo, not in it. I’m a professional penetration tester. Due to the lack of an installer, I’ve seen my customers unzip the program to the root of the C drive. Any new directories created on the root of the C drive have weak permissions which give “authenticated users” read/write permissions, unlike those placed under “Program Files”. This allowed me to escalate privileges from a Domain User to Domain Administrator as well as local system privilege escalation.

      Since there was no installer, the program was unzipped to C:\DesktopInfo and a shortcut placed in the Windows startup folder. I simply added CMDs to the DesktopInfo ini file. When a user with admin privileges logs in, they unknowingly run my commands. The impact of this is that if a user of DesktopInfo gets “phished” by a black hat hacker, they can backdoor DesktopInfo’s ini file to run commands, such as installing malware or ransomware.

      I suggest adding something to the documentation stating that the program should be placed in a secure location, such as “C:\Program Files” or “C:\Program Files (x86)”. Best case would be for you to create an installer that places the program in “Program Files” by default.

    • #4088

      Interesting. I’ll add your comments to the documentation and the FAQ on the web site. Thanks.

    • #4106

      I have to say I’ve been a little lax in this respect. I know from experience that putting it in Program Files is a pain because Windows stops me from tinkering, which is exactly your point I suppose.

      I think it also prevents the log file being written by the program. For the log file, I’ll add the option to put %appdata% in the log file path.

      What else is required for it to run in Program Files?

    • #4325

      I’ve added a new secret command line option to v3.2 that creates a pre-configured executable with an embedded ini file so you can deploy it without fear of it being modified by unauthorized personages.
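
A defender-side check for the condition reported in this thread, added here as an example and not part of the original posts or of DesktopInfo itself: it lists every non-administrative principal whose ACL entry allows modifying the install directory or the ini file. The default path comes from the report; the ini file name and the function name `Get-UntrustedWriter` are assumptions.

```powershell
# Added example (not DesktopInfo's own code): audit write access to the install.
param(
    [string]$InstallDir = 'C:\DesktopInfo',   # path from the report above
    [string]$IniName    = 'desktopinfo.ini'   # assumed ini file name
)

# Principals expected to hold write access, matched by SID so the check
# also works on non-English Windows installations.
$trusted = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Rights that let a principal change or replace a file, plus the raw
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) bits that
# inherit-only entries can carry.
$rights    = 'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeMask = [int][System.Security.AccessControl.FileSystemRights]$rights -bor 0x40000000 -bor 0x10000000

function Get-UntrustedWriter {
    param([string]$Path)
    $acl   = Get-Acl -LiteralPath $Path
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if ($trusted -contains $rule.IdentityReference.Value) { continue }
        if (([int]$rule.FileSystemRights -band $writeMask) -eq 0) { continue }
        # Resolve the SID to a readable name where possible.
        try   { $name = $rule.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = '(unresolved)' }
        [pscustomobject]@{
            Path      = $Path
            Principal = $name
            Sid       = $rule.IdentityReference.Value
            Rights    = $rule.FileSystemRights
            Inherited = $rule.IsInherited
        }
    }
}

$findings = foreach ($p in @($InstallDir, (Join-Path $InstallDir $IniName))) {
    if (Test-Path -LiteralPath $p) { Get-UntrustedWriter -Path $p }
}

if ($findings) { $findings | Format-Table -AutoSize; exit 1 }
Write-Output 'No non-administrative write access found.'
```

An entry for Authenticated Users with `Inherited` set to True is the inherited permission on directories created at the root of the C drive that the report describes.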
