Show Posts
1
HFS ~ HTTP File Server / Re: [HFS 2.3a] 0Day Vulnerability discovered by me!
« on: August 09, 2014, 08:11:27 AM »
I was informed by one of my users I had the same problem yesterday.
https://www.dropbox.com/s/ji4i894lxvlk49g/2014-08-08%2013.07.57%20-%20Copy.jpg
I've restored the .VFS file from the backup which seems to have removed the user and root folder (at least superficially). The exploit created a root access share and created a user called "Hacked".
There has been an additional file added in the folder:
C:\Users\xxxxxx\AppData\Local\VirtualStore\Program Files (x86)\HFS called "hack.tpl".
The hfs.ini file has then been edited to add the line "tpl-file=hack.tpl"
I have kept the hacked copy of all reference files if it would be of any use to you in solving the problem?
https://www.dropbox.com/s/ji4i894lxvlk49g/2014-08-08%2013.07.57%20-%20Copy.jpg
I've restored the .VFS file from the backup which seems to have removed the user and root folder (at least superficially). The exploit created a root access share and created a user called "Hacked".
There has been an additional file added in the folder:
C:\Users\xxxxxx\AppData\Local\VirtualStore\Program Files (x86)\HFS called "hack.tpl".
The hfs.ini file has then been edited to add the line "tpl-file=hack.tpl"
I have kept the hacked copy of all reference files if it would be of any use to you in solving the problem?