Get Desktop Username From Exploit

SoundInfinity

Posts: 94

Threads: 14

Joined: Nov, 2018

Reputation: 8

Posted

So I was messing around with some things, and wanted to get the CWD of the exploit. And, well I did it, but I also figured out another way to get the username of the user. This can be easily be prevented by running the exploit in a directory higher than the "C:\Users" folder. And, you cannot do anything harmful aswell because: readfile, delfile and even isfolder, have been sandboxed to work only at the workspace folder only.

local words = {}

for word in ({({pcall(listfiles, '%appdata%')})[2]:match("([.]:.+\"(.+)\")")})[2]:gmatch('[^\\]+') do
    words[#words+1] = word
end

if words[2] then
    if words[3] then
        print("Username: "..words[3])
    end
end

GitHub: https://github.com/sound-infinity

Discord: SoundInfinity#2135

0x90

dingleberry#2286

Posts: 249

Threads: 26

Joined: Dec, 2020

Reputation: 28

Replied

You can do the same approach by erroring readfile, I've seen some exploits pass directory to an error

https://media.discordapp.net/attachments/834551308173443142/835761259093295124/0x90.gif

Users viewing this thread:

( Members: 0, Guests: 1, Total: 1 )