Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details

All Projects → math1as → Cve 2020 1337 Exploit

math1as / Cve 2020 1337 Exploit

CVE-2020-1337 Windows Print Spooler Privilege Escalation

Programming Languages

powershell

5483 projects

CVE-2020-1337 Windows Privilege Escalation

this is a WWW(write-what-where) exploit

credit

Junyu Zhou (@md5_salt), who told me there could be a new bug.

Wenxu Wu (@ma7h1as), I find the bug and write this exploit.

how it works

in the patch of CVE-2020-1048, Microsoft add the validation code of portname on XcvData function.

which could be triggered by call Add-Printer in Powershell.

now both AddPort and XcvData function would check if current user has access to portname.

but still, We could use junction to solve this problem, once the check is passed, we reparse it to a system folder. for example, C:\windows\system32

after reboot or service restart, user controlled data would be written into portname.

see exploit.ps1 for more details.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].

Stars: ✭ 144

Visit Git Page 🔗Visit User Page 🔗Visit Issues Page (0) 🔗