iscsicpl_bypassUAC
2022-9-8 23:16:49 Author: github.com

The iscsicpl.exe binary is vulnerable to DLL search order hijacking when the 32-bit Microsoft binary is run on a 64-bit host via SysWOW64. The 32-bit binary searches the user's %Path% for the DLL iscsiexe.dll. Because autoelevate is enabled for "iscsicpl.exe", this can be exploited with a proxy DLL to execute code through it. This exploit has been tested against the following versions of Windows desktop:

  • Windows 11 Enterprise x64 (Version 10.0.22000.739).
  • Windows 8.1 Professional x64 (Version 6.3.9600).

iscsicpl_bypassUAC.exe "reg save hklm\sam C:\xx\sam.hive"

iscsicpl_bypassUAC.exe "C:\Windows\System32\cmd.exe"
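
On the detection side, the DLL load described above is visible in Sysmon image-load events (Event ID 7, fields Image and ImageLoaded). The following triage filter is an added example, not code from this repository; treating everything under C:\Windows as a trusted load location, the function names, and the sample records are assumptions constructed for illustration.

```python
import ntpath

# Assumption: any directory under the Windows root is a trusted load location.
TRUSTED_ROOT = ntpath.normcase(r"C:\Windows") + "\\"
TARGET_PROCESS = "iscsicpl.exe"
TARGET_DLL = "iscsiexe.dll"


def is_hijack_candidate(event):
    """True when iscsicpl.exe loads iscsiexe.dll from outside the Windows root."""
    image = ntpath.normcase(event.get("Image", ""))
    loaded = ntpath.normcase(event.get("ImageLoaded", ""))
    if ntpath.basename(image) != TARGET_PROCESS:
        return False
    if ntpath.basename(loaded) != TARGET_DLL:
        return False
    # Collapse ".." so C:\Windows\..\Users\x is not mistaken for a trusted path.
    loaded = ntpath.normpath(loaded)
    return not loaded.startswith(TRUSTED_ROOT)


def triage(events):
    """Return the subset of image-load records that need analyst review."""
    return [e for e in events if is_hijack_candidate(e)]


# Constructed sample records shaped like Sysmon Event ID 7 (not real telemetry).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\SysWOW64\iscsicpl.exe",
     "ImageLoaded": r"C:\Users\alice\tools\iscsiexe.dll"},
    {"Image": r"C:\Windows\System32\iscsicpl.exe",
     "ImageLoaded": r"C:\Windows\System32\iscsiexe.dll"},
    {"Image": r"C:\Program Files\Example\app.exe",
     "ImageLoaded": r"C:\Users\alice\tools\iscsiexe.dll"},
    {"Image": r"C:\WINDOWS\SysWOW64\ISCSICPL.EXE",
     "ImageLoaded": r"C:\Windows\..\Users\alice\tools\ISCSIEXE.DLL"},
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print("REVIEW:", hit["Image"], "loaded", hit["ImageLoaded"])
```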

These files are available under an Attribution-NonCommercial-NoDerivatives 4.0 International license.


Source: https://github.com/y35uishere/iscsicpl_bypassUAC