Blaster CVE-2019-1388- Tryhackme lab

This post will show how easy it is to get a system level command prompt with a standard user account using the CVE-2019-1388 vulnerability.

This is demonstrated by working on the Blaster room by TryHackMe. This challenge highlights the CVE-2019-1388 vulnerability. The standard user will run an executable that required administrator privileges. Next the user will click “Show more details”

Next the user will click “Show information about the publishers certificate”. Followed by the “VeriSign Commercial Software Publishers CA” link.

This will open Internet Explorer, the problem here is; the Internet Explorer program opens with administrative privileges. If we click “Control + s” we will get the error below, then a file browser with administrator privileges.

If we close the error and type “cmd” in the top, we get a command prompt window.

In the command prompt window, we run the “whoami” command to display the prompt has system level privileges.

This process bypassed UAC and provided a system level command prompt without entering an administrator password. This vulnerability was quickly patched by Microsoft and hopefully not too common in modern systems with patch management. Please keep your systems up to date!