Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Symantec Endpoint Protection Arbitrary Write - 203

Elias Dimopoulos at RedyOps. Posted 5 Years Ago
  • A super classic issue for privilege escalation: symbolic links.
  • By creating a symbolic link in place of the Symantec log file that points at a file of our choosing, the chosen file (arbitrary name) receives the information from the log, written with high privileges.
  • The information in the log file can be partially controlled, which is enough to execute commands. So, easy priv esc.
  • An interesting extra step that had to be done: deleting the Logs folder in the UserData section, which was needed for the symbolic link issue to occur.
  • What's the calling card for a symbolic link issue? High-privilege programs writing to files in potentially user-controlled areas.