https://github.com/DimopoulosElias/Primitives

https://github.com/DimopoulosElias/Primitives

Last synced: 3 months ago
JSON representation

• Host: GitHub
• URL: https://github.com/DimopoulosElias/Primitives
• Owner: DimopoulosElias
• Created: 2020-07-24T06:38:57.000Z (over 4 years ago)
• Default Branch: master
• Last Pushed: 2020-07-27T17:14:35.000Z (over 4 years ago)
• Last Synced: 2024-04-12T19:38:45.839Z (7 months ago)
• Language: C++
• Size: 359 KB
• Stars: 32
• Watchers: 1
• Forks: 13
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

• awesome-hacking-lists - DimopoulosElias/Primitives - (C++)

README

        
# Arbitrary Delete to System Primitive

*This is just the implementation of the technique which has been described by @jonasLyk in the following url: https://secret.club/2020/04/23/directory-deletion-shell.html . So all the gr33tz goes to JonasL*

1. When you initialize the class, you can pass as an argument the folder you want to create. If you pass no arguments, the "c:\windows\system32\wermgr.exe.local" will be used.

2. You can call the create_target_folder, in order to create the folder which you passed during the initialization of the class.

3. You can call the escalateToSystem which receives as an argument a dll file. This dll will be executed as SYSTEM. In the pre-compiled folder you will find the dll which is being provided by Jonas_L in his writeup. This function is used in the example file "Delete.cpp"

**This class abuses an arbitrary delete primitive. This means, that it is your responsibility to find a way and delete the C:\ProgramData\Microsoft\Windows\WER .**

In order for this primitive to work **you must to delete the C:\ProgramData\Microsoft\Windows\WER before using this class.**

### Change Log

I changed escalateToSystem, and now the function uses the CompatTelRunner in order to support escalation in Windows 10 Pro systems. 

For windows Home, it will use wermgr.exe.local, as described by Jona_L .