Privilege escalation over notepad++ installer
Posted by Worth_Trust_3825@reddit | programming | View on Reddit | 13 comments
ginormouspdf@reddit
Idk if TheTorjanCaptain will see this and I'm not going to open an issue for it, but you can't put MIT license on something and then in the readme say "Free for educational, research, and defensive purposes only." Use an appropriate license instead, or modify the license text to add a condition to the license (in the way that the Commons Clause does).
that_leaflet@reddit
I never knew Windows first checked the same folder for a binary of the same name. At least on UNIX, you can't run a file in a folder just by typing its name unless it's in your PATH. You must specify where exactly the file is located. So something like "/path/to/binary" or "./binary" instead of just "binary".
txmasterg@reddit
Here's another fun one, when you do this same thing with something like C:\Program Files\Corp Name\myexe.exe you may find out that if C:\Program Files\Corp.exe exists it will be called instead of myexe.exe. You have to surround it with quotes to ensure you get what you want.
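The resolution order described in the comment above, as an added example that is not part of the original thread: a small audit helper that lists which files an unquoted command line can resolve to. It models the documented CreateProcess rule for an unquoted command line; the function names, the extension list and the sample strings are assumptions made for illustration.

```python
import ntpath

# Assumption: extensions treated as "this token is the intended program".
EXEC_EXTS = (".exe", ".com", ".bat", ".cmd")


def candidate_images(command_line: str) -> list[str]:
    """Return, in order, the files an unquoted command line may resolve to.

    Models CreateProcess with lpApplicationName == NULL: the string is cut
    at each space, every prefix is tried as the program name, and ".exe" is
    appended when the prefix has no extension. A quoted program name is
    taken exactly as written.
    """
    cmd = command_line.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return [cmd[1:end] if end != -1 else cmd[1:]]
    candidates = []
    tokens = cmd.split(" ")
    for i in range(1, len(tokens) + 1):
        prefix = " ".join(tokens[:i])
        _, ext = ntpath.splitext(prefix)
        candidates.append(prefix if ext else prefix + ".exe")
        if ext.lower() in EXEC_EXTS:
            break  # simplification: the rest of the line is arguments
    return candidates


def shadowing_candidates(command_line: str) -> list[str]:
    """Paths that would win over the intended program if a file existed there."""
    return candidate_images(command_line)[:-1]


if __name__ == "__main__":
    # Constructed sample command lines, e.g. as found in a service ImagePath.
    samples = [
        r"C:\Program Files\Corp Name\myexe.exe /S",
        r'"C:\Program Files\Corp Name\myexe.exe" /S',
        r"C:\Tools\myexe.exe",
    ]
    for s in samples:
        risky = shadowing_candidates(s)
        print(("REVIEW" if risky else "OK    "), s)
        for path in risky:
            print("        would be tried first:", path)
```

Any line reported as REVIEW should be quoted, and the listed parent directories checked for write access by non-administrators.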
Worth_Trust_3825@reddit (OP)
yeah, behavior is the same on powershell, but Process.exec bugs that caused some commotion last year in several language frameworks did shed some light that the entire subsystem is held by rubberbands and glue. On the other hand I did replicate behavior with cmd.exe
jcotton42@reddit
It is not, it presents an info message that an executable with that name is in the current folder, but it will not be run without a ./ or .\ prefix.
Thotaz@reddit
What's what he is saying. The original comment explains how it works on Linux, and the response is that PowerShell has the same behavior.
jcotton42@reddit
I derped and misread, oops.
Thotaz@reddit
I accidentally wrote "What's" when I meant to write "That's" so we can be idiots together.
unbelver@reddit
Oh, I've seen plenty of clueless types with "." in their path.
happyscrappy@reddit
It's just that regsvr tool doing this. Not the shell.
It does support PATHs too, as mentioned. But it looks in the same folder first. Surely a backwards compatibility thing from ye olde days when security wasn't as important (like windows 95 or something).
Tools can have different search orders than shells do. Like for example a linker (ld on UNIX). ld searches for libraries and object files in various paths and I think it typically does search in the current directory first.
Worth_Trust_3825@reddit (OP)
It's not regsvr doing this, but rather Windows selecting the wrong regsvr to run.
xeio87@reddit
Bunch of people at work noticed Notepad++ installs went missing on their machines. We were guessing this is the culprit but IT didn't bother to actually send out any notification about it or to upgrade to a patched version.
Worth_Trust_3825@reddit (OP)
yes this reads like ai slop