Advertising (This ad goes away for registered users. You can Login or Register)

adobe/ms suite_server exploit_breif p.o.c

Discuss about your favorite (gaming...or not) devices here. The most popular ones will end up getting their own categories
Programming discussions for your favorite Device
Forum rules
Forum rule Nº 15 is strictly enforced in this subforum.
Post Reply
thekornerkids
Posts: 80
Joined: Sat Sep 29, 2012 3:47 am

adobe/ms suite_server exploit_breif p.o.c

Post by thekornerkids » Wed Oct 17, 2012 5:45 am

so i found this exploit out back when i was at school, kept it on the down low though. i did inform the district i.t.'s about this but basically its an exploit in any adobe or ms suite program. i advice you to do this at your own risk, i am telling this to the community as proof of a very dangerous flaw in these programs. i do not condone this as a means to accomplish any thing mischievous and as such i will be try to keep this brief and not give away to much.

i was very fortunate that i did not get in trouble but as since the system administrators saw me as only an aspiring young person who wished to learn more about the computer world charges were not pressed. due to me telling them about several flaws in there computer system besides this one they know of me and i am in a good position to get a job with them later on in the future once i go to college.

originally i figured it out by messing up when defining my site in Dreamweaver this allowed for to see the root of the drive containing all of the user profiles. on your a physical terminals hard drive the user profiles can be found as folders within the my computer application and within these folders is where all the data from that user is stored. so for me gaining access to these user files proved as a p.o.c, after all what other files can have there user restrictions bypassed in this way and as such be viewed by an unauthorized user.

i learned by making this mistake defining my website in dreamweaver, how file locations on the servers hard drives are handles by these program

an example of my findings is below, this is the file location of where the students files were located
\\sch-fps02\students$\1st name. 3 of last name birthdate

based on this i figured out that it was basically
\\server drive\drive share\user

from this i exchanged the different parts for random variables to see what would work, in a way this allowed my to learn more about location mapping
\\server drive\drive share\user >>> \\*\*\*

from my previous days i was really into batch scripting and using the cmd to hack
i figured i start by learning batch code because the computer is based on some thing called dos and all we really see is a shell in a way
i managed to take over the command prompt and run a couple of commands to map the system drives [hidden and un-hidden]

i know had a map of all drives and there shares, and a way by which to bypass restrictions and freely view these restricted files
in other words the network was pawned.
how ever if you'll notice the file viewing capabilities is very limited, which caused me to seek a method to improve upon this hack.
this lead me to find this exploit in other programs, such as the entire adobe and ms suite.
Advertising
Top
Post Reply

Return to “Programming and Security”