Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/math1as/CVE-2020-1337-exploit

CVE-2020-1337 Windows Print Spooler Privilege Escalation
https://github.com/math1as/CVE-2020-1337-exploit

Last synced: 22 days ago
JSON representation

CVE-2020-1337 Windows Print Spooler Privilege Escalation

Host: GitHub
URL: https://github.com/math1as/CVE-2020-1337-exploit
Owner: math1as
Created: 2020-07-21T08:01:20.000Z (over 4 years ago)
Default Branch: master
Last Pushed: 2023-12-15T02:24:29.000Z (12 months ago)
Last Synced: 2024-08-05T17:33:11.418Z (4 months ago)
Language: PowerShell
Homepage:
Size: 61.5 KB
Stars: 153
Watchers: 7
Forks: 27
Open Issues: 1
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

awesome-hacking-lists - math1as/CVE-2020-1337-exploit - CVE-2020-1337 Windows Print Spooler Privilege Escalation (PowerShell)

README

        # CVE-2020-1337 Windows Privilege Escalation

this is a WWW(write-what-where) exploit 

## credit

Junyu Zhou (@md5_salt), who told me there could be a new bug.

Wenxu Wu (@ma7h1as), I find the bug and write this exploit.

## how it works

in the patch of CVE-2020-1048, Microsoft add the validation code of portname on XcvData function.

which could be triggered by call Add-Printer in Powershell.

now both AddPort and XcvData function would check if current user has access to portname.

but still, We could use junction to solve this problem, once the check is passed, we reparse it to a system folder. for example, C:\windows\system32

after reboot or service restart, user controlled data would be written into portname.

see exploit.ps1 for more details.