MiniTool ShadowMaker 3.2 Exploit, 'MTAgentService' Unquoted Service Path

# Exploit Title: MiniTool ShadowMaker 3.2 - 'MTAgentService' Unquoted Service Path
# Discovery by: Thalia Nieto
# Discovery Date: 02/01/21
# Vendor Homepage: https://www.minitool.com
# Software Link: https://www.minitool.com/backup/thanks-download.html?v=sm-free&r=download-center/
# Tested Version: 3.2
# Vulnerability Type: Unquoted Service Path
# Tested on OS: Windows 10

# Step to discover Unquoted Service Path: 

C:\>wmic service get name, pathname, displayname, name | findstr /i "MTAgentService"

MTAgentService	MTAgentService	C:\Program Files\MiniTool ShadowMaker\AgentService.exe

# Service info:

C:\>sc qc "MTAgentService"
[SC] QueryServiceConfig CORRECTO

NOMBRE_SERVICIO: MTAgentService
        TIPO               : 110  WIN32_OWN_PROCESS (interactive)
        TIPO_INICIO        : 2   AUTO_START
        CONTROL_ERROR      : 1   NORMAL
        NOMBRE_RUTA_BINARIO: C:\Program Files\MiniTool ShadowMaker\AgentService.exe
        GRUPO_ORDEN_CARGA  :
        ETIQUETA           : 0
        NOMBRE_MOSTRAR     : MTAgentService
        DEPENDENCIAS       :
        NOMBRE_INICIO_SERVICIO: LocalSystem

All rights reserved nPulse.net 2009 - 2024
Powered by: MVCP 2.0-RC / BVCP / ASPF-MILTER / PHP 7.4 / NGINX / FreeBSD