CYBER MONGOL
  • ASATA
  • Our Journey
  • Intelligence Engine
  • Human-Machine Teaming
  • Operator Research
  • Achievements and Media
  • Counter Intelligence
  • ASATA
  • Our Journey
  • Intelligence Engine
  • Human-Machine Teaming
  • Operator Research
  • Achievements and Media
  • Counter Intelligence
Search by typing & pressing enter

YOUR CART

4/22/2021

Exploiting CVE-2021-26415 on Windows 10 for Privilege Escalation

​*Exploiting CVE-2021-26415 on Windows 10 for Privilege Escalation* Working with an interesting vector today which leverages crafting a malicious .msi package and utilizes a symlink attack, resulting in the creation of a new local user and adding them to the local administrators group. The user creation is triggered when someone launches an administrative PowerShell session and the command (net user FooBar P@ssw0rd /add ; net localgroup Administrators FooBar /add ) is loaded from “C:\Windows\System32\WindowsPowerShell\v1.0\profile.ps1”. This vector has been patched by Windows updates on 2021-04-13. All pertinent info can be found below:
 
PoC Author writeup: https://www.cloaked.pl/2021/04/cve-2021-26415/
 
BaitandSwitch Tool: https://github.com/googleprojectzero/symboliclink-testing-tools
 
Privileged File Operation Abuses: An introduction to privileged file operation abuse on Windows - Almond Offensive Security Blog
 
 
#infosec #cybersecurity #informationsecurity #threatintelligence #networksecurity #sec #security #tools #offensivesecurity #pentesting #redteam #blueteam

Comments are closed.

    Archives

    December 2021
    November 2021
    October 2021
    July 2021
    June 2021
    May 2021
    April 2021
    March 2021
    February 2021
    January 2021
    September 2020
    August 2020
    July 2020

    Categories

    All

    RSS Feed

contact us:
© COPYRIGHT 2015. ALL RIGHTS RESERVED.