Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/NotGlop/SysExec
[Windows] Local Privilege Escalation - WebClient
https://github.com/NotGlop/SysExec
Last synced: 22 days ago
JSON representation
[Windows] Local Privilege Escalation - WebClient
- Host: GitHub
- URL: https://github.com/NotGlop/SysExec
- Owner: NotGlop
- Created: 2017-03-28T09:24:31.000Z (over 7 years ago)
- Default Branch: master
- Last Pushed: 2017-05-15T10:55:21.000Z (over 7 years ago)
- Last Synced: 2024-08-05T17:24:55.841Z (4 months ago)
- Language: C++
- Size: 114 KB
- Stars: 57
- Watchers: 3
- Forks: 24
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - NotGlop/SysExec - [Windows] Local Privilege Escalation - WebClient (C++)
README
# SysExec
SysExec is a tool for exploiting the vulnerability initially disclosed here: https://bugs.chromium.org/p/project-zero/issues/detail?id=222.
Although the vulnerability was not initially patched, Microsoft finally decided to fix it with MS16-075: https://technet.microsoft.com/en-us/library/security/ms16-075.aspx
## Usage
sysexec.exe
: program to be run under SYSTEM privileges, non-interactive mode
## How it works
The current version will trigger tracing events by starting the RASMAN service.
Since this service can only be started (but not stopped) by unprivileged user, you will only get one chance.
However, you can trigger other services such as IpHlpSvc or RASPLAP if RASMAN is already started.