Remote Desktop Vulnerability in the WIN8 System: Elevation of Privilege Using the QQ Pinyin Pure Edition

Source: Internet
Author: User

Preface

I found this vulnerability while attending classes in the IDC. I wanted to use Remote Desktop (port 3389) to control the dormitory computer, but I had forgotten its IP address after reinstalling the system, so I scanned the IP segment for computers with port 3389 enabled.

I did not expect the scan to turn up a WIN8 system by chance, and that system also had the pure edition of the QQ input method for WIN8 installed.

At that time, I remembered the vulnerability from junior high school and tested it. I did not expect that, seven or eight years later, the extremely secure WIN8 system would have such a large vulnerability. Here we will repeat the Elevation of Privilege process.

Process

First, confirm that the QQ Pinyin input method is installed.

Press Ctrl + Space to call up the tray and find this option.

Enable IE

The security of IE and WIN8 has indeed improved a lot.

Enter D:\ file://d: in the address bar to open the folder.

I thought that I only needed to upload a bat batch file, write the permission-escalation command in it, and then download and run it with IE.

I did not expect the various prompts, such as the system requiring you to verify your user password, and the file could not be downloaded at all. It can be seen that the conventional method really does not work.

Microsoft is still fixing these vulnerabilities. However, after many attempts, the author finally found that one vulnerability has not been closed.

That is the "Save as" option in the File menu. Saving the webpage file opens the folder dialog box.

At this point, I felt that I was close to victory. However, after more than half a lesson, I still had not been able to make a substantial breakthrough.

The folder tab is limited to several formats such as mnt and txt.

I could even use Notepad and other programs to open and edit the Elevation of Privilege command, but the key part was always restricted by Microsoft.
