Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/zha0gongz1/iscsicpl_bypassUAC
UAC bypass for x64 Windows 7 - 11(无弹窗版)
https://github.com/zha0gongz1/iscsicpl_bypassUAC
Last synced: about 2 months ago
JSON representation
UAC bypass for x64 Windows 7 - 11(无弹窗版)
- Host: GitHub
- URL: https://github.com/zha0gongz1/iscsicpl_bypassUAC
- Owner: zha0gongz1
- Fork: true (hackerhouse-opensource/iscsicpl_bypassUAC)
- Created: 2022-09-05T02:39:03.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2022-09-05T03:30:34.000Z (over 2 years ago)
- Last Synced: 2024-08-05T17:27:06.813Z (5 months ago)
- Language: C++
- Homepage:
- Size: 174 KB
- Stars: 281
- Watchers: 7
- Forks: 29
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - zha0gongz1/iscsicpl_bypassUAC - UAC bypass for x64 Windows 7 - 11(无弹窗版) (C++)
README
# iscsicpl autoelevate DLL Search Order hijacking UAC Bypass 0day
The iscsicpl.exe binary is vulnerable to a DLL Search Order hijacking
vulnerability when running 32bit Microsoft binary on a 64bit host via
SysWOW64. The 32bit binary, will perform a search within user %Path%
for the DLL iscsiexe.dll. This can be exploited using a Proxy DLL to
execute code via "iscsicpl.exe" as autoelevate is enabled. This exploit
has been tested against the following versions of Windows desktop:
* Windows 11 Enterprise x64 (Version 10.0.22000.739).
* Windows 8.1 Professional x64 (Version 6.3.9600).
# Usage
```powershell
iscsicpl_bypassUAC.exe "reg save hklm\sam C:\xx\sam.hive"
iscsicpl_bypassUAC.exe "C:\Windows\System32\cmd.exe"
```
These files are available under a Attribution-NonCommercial-NoDerivatives 4.0 International license.