Popular in a number of countries, including Vietnam and Myanmar, the Zalo application rivals WhatsApp and Facebook Messenger as the most popular chat application. With Coronavirus forcing many to work from home, people are using a wide array of chat applications to simplify remote working. Screenshot: command line of the child process is powershell. At first glance, it seems PowerShell is being called by Zalo.
We confirmed this was the case by manually testing and using ProcMon to monitor the child processes being created. To the developer, this probably seemed like an easy way to open a file, as PowerShell takes care of choosing which application to use. However, wrapping the file path in double quotation marks inside the PowerShell command is dangerous: a filename containing a double quote terminates the string, and whatever follows is interpreted as PowerShell. What we saw instead of the file opening was Calculator popping up on the remote machine, confirming an arbitrary Remote Code Execution vulnerability in the Zalo Desktop application version. As seen in the ProcMon screenshot, Zalo opens PowerShell which, running the filename as a command, launches the Calculator.
Ok, so we can open the calculator. But how do we weaponise this? The simplest way to try and weaponise this PowerShell injection vulnerability was to initiate a web download from the filename itself. However, encoding can extend the file name significantly, possibly past the length limit. We are going to have to get creative to weaponise this.
The ideal scenario would include downloading the malicious commands from a short URL and executing them on the fly, without having to specify a file path. Additionally, we would want to live off the land as much as possible to minimise the number of things we have to download. We began to consider Windows executables besides PowerShell which were capable of downloading and executing arbitrary code in memory.
Luckily, the list of Windows utilities that can be weaponised in this manner is always growing. Our first target was mshta.
Using mshta as a stager we can download all manner of malicious executables: keyloggers, ransomware or whatever else we need to further our attack. In this example, a Meterpreter reverse shell payload was delivered using a malicious HTA file.
We can go from a single chat message to fully owning a PC with just a filename. Here wmic and regsvr are seen as child processes of Zalo. In the end this vulnerability, like most others, stems from incorrect input sanitisation.
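The two defender-side takeaways from the post are the unsafe pattern (a filename interpolated into a double-quoted PowerShell string) and the process tree ProcMon revealed (Zalo spawning PowerShell, which spawns mshta, wmic or regsvr). The added example below is not Zalo's code; it reconstructs the quoting defect for comparison, shows a hardened opener that validates the name and never hands it to a shell, and runs a simple parent-chain check over constructed process-creation events.

```python
import re
from pathlib import PureWindowsPath

# Reconstruction of the risky pattern, for comparison only: the attacker-chosen
# filename lands inside a double-quoted PowerShell string.
def vulnerable_command(filename: str) -> str:
    return f'powershell -Command "Start-Process \\"{filename}\\""'

# Hardened form: allowlist the name, block traversal, and return a plain path
# for the app to hand to the OS opener (e.g. os.startfile / ShellExecute),
# which takes a path argument and performs no shell parsing.
SAFE_NAME = re.compile(r"[A-Za-z0-9 _.()\-]{1,200}")

def safe_open_path(filename: str, downloads_dir: str) -> str:
    if not SAFE_NAME.fullmatch(filename) or ".." in filename:
        raise ValueError("refusing to open suspicious filename")
    return str(PureWindowsPath(downloads_dir) / filename)

# Detection: flag a LOLBin whose ancestry runs through powershell.exe back to
# the chat client. Events are constructed (pid, ppid, image) records in the
# spirit of ProcMon's Process Create view.
LOLBINS = {"mshta.exe", "wmic.exe", "regsvr32.exe"}

def suspicious_chains(events, root_image="zalo.exe"):
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        if e["image"].lower() not in LOLBINS:
            continue
        chain, cur = [e["image"]], by_pid.get(e["ppid"])
        while cur is not None:
            chain.append(cur["image"])
            cur = by_pid.get(cur["ppid"])
        lowered = [c.lower() for c in chain]
        if "powershell.exe" in lowered and root_image in lowered:
            hits.append(" <- ".join(chain))
    return hits

SAMPLE_EVENTS = [  # constructed sample data
    {"pid": 100, "ppid": 1, "image": "Zalo.exe"},
    {"pid": 200, "ppid": 100, "image": "powershell.exe"},
    {"pid": 300, "ppid": 200, "image": "mshta.exe"},
    {"pid": 400, "ppid": 1, "image": "mshta.exe"},  # unrelated, not flagged
]
```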