Menu

Search for hundreds of thousands of exploits

"Cyclope Employee Surveillance 8.6.1 - Insecure File Permissions"

Author

Exploit author

loneferret

Platform

Exploit platform

windows

Release date

Exploit published date

2015-12-06

Download file

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
# Author: loneferret of Offensive Security
# Product: Cyclope Employee Surveillance Solution (again)
# Version: <= 6.8.1 
# Vendor Site: http://www.cyclope-series.com/
# Software Download: http://www.cyclope-series.com/download/index.html
# Link: http://www.cyclope-series.com/setups/setup.exe
 
# Software description:
# The employee monitoring software developed by Cyclope-Series is specially designed to inform 
# and equip management with statistics relating to the productivity of staff within their organization. 
 
# Vulnerability:
# Due to insecure file Permissions, a low privileged could potentially 
# delete, modify or replace many of the key executable files used, and needed
# by the software.

# Although I haven't checked older versions, I do recall seeing the same file
# permissions being set. Making this software extremely prone to lots of fun stuff.

''' File Information '''
A few files with odd-ball permission. Keep in mind all files are like this.
All files in c:\xampplite, as well as  in Program Files.
The "CyclopeClient.exe" is is what is pushed to workstation in order to monitor
employees. As we can see, this file's permission is set to "Everybody". So is the
uninstaller executable.

So gain access to the system, and as a low privileged user one can
easily replace httpd.exe or mysqld.exe, with an evil EXE file.
Next time that file is executed, you'll get your shell as SYSTEM.
Although they'll be out of a service...bummer


# C:\xampplite\mysql\bin>icacls mysqld.exe
# mysqld.exe BUILTIN\Administrators:(I)(F)
#            NT AUTHORITY\SYSTEM:(I)(F)
#            BUILTIN\Users:(I)(RX)
#            NT AUTHORITY\Authenticated Users:(I)(M)
# 
# Successfully processed 1 files; Failed processing 0 files
----

# C:\xampplite\apache\bin>icacls httpd.exe
# httpd.exe BUILTIN\Administrators:(I)(F)
#           NT AUTHORITY\SYSTEM:(I)(F)
#           BUILTIN\Users:(I)(RX)
#           NT AUTHORITY\Authenticated Users:(I)(M)
# 
# Successfully processed 1 files; Failed processing 0 files
----

# C:\xampplite\mysql\bin>icacls mysql.exe
# mysql.exe BUILTIN\Administrators:(I)(F)
#           NT AUTHORITY\SYSTEM:(I)(F)
#           BUILTIN\Users:(I)(RX)
#           NT AUTHORITY\Authenticated Users:(I)(M)
# 
# Successfully processed 1 files; Failed processing 0 files
----

# C:\Program Files\Cyclope\Client>icacls CyclopeClient.exe
# CyclopeClient.exe Everyone:(F)
# 
# Successfully processed 1 files; Failed processing 0 files
----

# C:\Program Files\Cyclope>icacls unins000.exe
# unins000.exe Everyone:(F)
# 
# Successfully processed 1 files; Failed processing 0 files
..
..
etc..
..
..
Way too many files to list, essentially whatever this thing installs it's up for grabs.
Release Date Title Type Platform Author
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
Release Date Title Type Platform Author
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
2020-12-02 "PRTG Network Monitor 20.4.63.1412 - 'maps' Stored XSS" webapps windows "Amin Rawah"
2020-12-02 "Microsoft Windows - Win32k Elevation of Privilege" local windows nu11secur1ty
2020-12-01 "Global Registration Service 1.0.0.3 - 'GREGsvc.exe' Unquoted Service Path" local windows "Emmanuel Lujan"
2020-12-01 "Pearson Vue VTS 2.3.1911 Installer - VUEApplicationWrapper Unquoted Service Path" local windows Jok3r
2020-12-01 "Intel(r) Management and Security Application 5.2 - User Notification Service Unquoted Service Path" local windows "Metin Yunus Kandemir"
2020-12-01 "10-Strike Network Inventory Explorer 8.65 - Buffer Overflow (SEH)" local windows Sectechs
2020-12-01 "EPSON Status Monitor 3 'EPSON_PM_RPCV4_06' - Unquoted Service Path" local windows SamAlucard
2020-11-30 "YATinyWinFTP - Denial of Service (PoC)" remote windows strider
Release Date Title Type Platform Author
2016-08-16 "Pi-Hole Web Interface 2.8.1 - Persistent Cross-Site Scripting in Whitelist/Blacklist" webapps linux loneferret
2015-12-06 "Cyclope Employee Surveillance 8.6.1 - Insecure File Permissions" local windows loneferret
2013-09-10 "eM Client e-mail client 5.0.18025.0 - Persistent Cross-Site Scripting" remote windows loneferret
2013-08-23 "dreamMail e-mail client 4.6.9.2 - Persistent Cross-Site Scripting" remote windows loneferret
2012-11-21 "PHP Server Monitor - Persistent Cross-Site Scripting" webapps php loneferret
2012-11-19 "weBid 1.0.5 - Directory Traversal" webapps php loneferret
2012-10-10 "ServersCheck Monitoring Software 9.0.12/9.0.14 - Persistent Cross-Site Scripting" webapps multiple loneferret
2012-10-08 "Web Help Desk by SolarWinds - Persistent Cross-Site Scripting" webapps php loneferret
2012-08-23 "op5 Monitoring 5.4.2 - VM Applicance Multiple Vulnerabilities" webapps php loneferret
2012-08-21 "Clipbucket 2.5 - Blind SQL Injection" webapps php loneferret
2012-08-21 "Clipbucket 2.5 - Directory Traversal" webapps php loneferret
2012-08-18 "ManageEngine OpUtils 6.0 - Persistent Cross-Site Scripting" webapps windows loneferret
2012-08-17 "Jaow CMS 2.3 - Blind SQL Injection" webapps php loneferret
2012-08-15 "Cyclope Employee Surveillance Solution 6.0 6.1.0 6.2.0 - Multiple Vulnerabilities" webapps windows loneferret
2012-08-15 "sphpforum 0.4 - Multiple Vulnerabilities" webapps php loneferret
2012-08-12 "Spytech NetVizor 6.1 - 'services.exe' Denial of Service" dos windows loneferret
2012-08-09 "Cyclope Employee Surveillance Solution 6.0/6.1.0/6.2.0/6.2.1/6.3.0 - SQL Injection" webapps windows loneferret
2012-08-08 "T-dah Webmail Client 3.2.0-2.3 - Persistent Cross-Site Scripting" webapps php loneferret
2012-08-08 "winwebmail server 3.8.1.6 - Persistent Cross-Site Scripting" webapps windows loneferret
2012-08-08 "afterlogic mailsuite pro (VMware Appliance) 6.3 - Persistent Cross-Site Scripting" webapps windows loneferret
2012-08-08 "Axigen Mail Server 8.0.1 - Persistent Cross-Site Scripting" webapps windows loneferret
2012-08-08 "emailarchitect enterprise email server 10.0 - Persistent Cross-Site Scripting" webapps windows loneferret
2012-08-08 "WordPress Plugin mini mail Dashboard widget 1.42 - Persistent Cross-Site Scripting" webapps php loneferret
2012-08-08 "escon supportportal pro 3.0 - Persistent Cross-Site Scripting" webapps windows loneferret
2012-08-08 "mailenable enterprise 6.5 - Persistent Cross-Site Scripting" webapps windows loneferret
2012-08-08 "xeams email server 4.4 build 5720 - Persistent Cross-Site Scripting" webapps windows loneferret
2012-08-08 "mailtraq 2.17.3.3150 - Persistent Cross-Site Scripting" webapps windows loneferret
2012-08-08 "Alt-N MDaemon free 12.5.4 - Persistent Cross-Site Scripting" webapps windows loneferret
2012-08-08 "OTRS Open Technology Real Services 3.1.4 - Persistent Cross-Site Scripting" webapps windows loneferret
2012-08-08 "WordPress Plugin postie 1.4.3 - Persistent Cross-Site Scripting" webapps php loneferret 
import requests
response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher Protocols Sigalg Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host WAF detected