https://github.com/zha0gongz1/iscsicpl_bypassUAC

UAC bypass for x64 Windows 7 - 11 (no-prompt version)

# iscsicpl autoelevate DLL Search Order hijacking UAC Bypass 0day

The iscsicpl.exe binary is vulnerable to DLL search order hijacking
when the 32-bit Microsoft binary runs on a 64-bit host via
SysWOW64. The 32-bit binary searches the user's %Path%
for the DLL iscsiexe.dll. This can be exploited using a proxy DLL to
execute code via "iscsicpl.exe", because autoelevate is enabled. This exploit
has been tested against the following versions of Windows desktop:

* Windows 11 Enterprise x64 (Version 10.0.22000.739).
* Windows 8.1 Professional x64 (Version 6.3.9600).
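
A detection sketch for the behaviour described above, added here as an example and not part of the original README: it flags image-load records where the SysWOW64 copy of iscsicpl.exe loads iscsiexe.dll from outside the Windows system directories. The Sysmon Event ID 7 field names, the `C:\Windows` install root, the trusted-directory list and the sample records are assumptions constructed for illustration.

```python
import ntpath

# Assumptions (not from the README): Windows is installed under C:\Windows and
# only its system directories are legitimate sources for this DLL.
TRUSTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
HOST_IMAGE = r"c:\windows\syswow64\iscsicpl.exe"  # 32-bit copy named in the README
TARGET_DLL = "iscsiexe.dll"                       # DLL named in the README

# Constructed sample records using Sysmon Event ID 7 (ImageLoad) field names.
SAMPLE_EVENTS = [
    {"EventID": 7, "Image": r"C:\Windows\SysWOW64\iscsicpl.exe",
     "ImageLoaded": r"C:\Users\alice\bin\iscsiexe.dll"},
    {"EventID": 7, "Image": r"C:\Windows\System32\iscsicpl.exe",
     "ImageLoaded": r"C:\Windows\System32\iscsiexe.dll"},
    {"EventID": 7, "Image": r"C:\Windows\SysWOW64\iscsicpl.exe",
     "ImageLoaded": r"C:\Windows\SysWOW64\kernel32.dll"},
    {"EventID": 7, "Image": "c:/WINDOWS/syswow64/ISCSICPL.EXE",
     "ImageLoaded": r"D:\Tools\ISCSIEXE.DLL"},
    {"EventID": 1, "Image": r"C:\Windows\SysWOW64\iscsicpl.exe",
     "ImageLoaded": r"C:\Users\alice\bin\iscsiexe.dll"},
]


def _norm(path):
    """Normalise separators and case so comparisons match Windows semantics."""
    return ntpath.normcase(ntpath.normpath(path))


def is_suspicious_load(event):
    """True when 32-bit iscsicpl.exe loads iscsiexe.dll from an untrusted directory."""
    if event.get("EventID") != 7:
        return False
    if _norm(event.get("Image", "")) != HOST_IMAGE:
        return False
    loaded = _norm(event.get("ImageLoaded", ""))
    if ntpath.basename(loaded) != TARGET_DLL:
        return False
    return ntpath.dirname(loaded) not in TRUSTED_DIRS


def find_hijacks(events):
    """Return the ImageLoaded paths of all suspicious loads, in input order."""
    return [e["ImageLoaded"] for e in events if is_suspicious_load(e)]


if __name__ == "__main__":
    for path in find_hijacks(SAMPLE_EVENTS):
        print("suspicious iscsiexe.dll load:", path)
```
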

# Usage

```powershell
iscsicpl_bypassUAC.exe "reg save hklm\sam C:\xx\sam.hive"

iscsicpl_bypassUAC.exe "C:\Windows\System32\cmd.exe"
```

These files are available under an Attribution-NonCommercial-NoDerivatives 4.0 International license.