CVE-2021-36934 PoC — Microsoft Windows 访问控制错误漏洞

Source

https://github.com/websecnl/CVE-2021-36934

Associated Vulnerability

Title:Microsoft Windows 访问控制错误漏洞 (CVE-2021-36934)
Description:Microsoft Windows是美国微软（Microsoft）公司的一种桌面操作系统。 Microsoft Windows 存在访问控制错误漏洞，该漏洞源于系统对多个系统文件的访问控制列表过于宽松，因此存在特权提升漏洞。成功利用此漏洞的攻击者可以使用SYSTEM权限运行任意代码。

Description

SeriousSAM Auto Exploiter

Readme

# CVE-2021-36934
SeriousSAM Auto Exploiter

# Requirements
- HiveNightmare , executable or a DLL equivelant of it (the DLL equivelant would require some code modifications in order to run it through rundll32, this could be useful when you run into applocker environments.)
- dump.exe m  which is a pyinstaller compiled secretsdump.py so its pretty large since it contains all modules and python itself into it. (Reason you dont need this as a DLL because you can also invoke this server side along with the hashcat API if you want, that would actually be way more effective and stealthy)
- hashcat API , this is a PHP API I made to pass hashes into which can crack most hashes within 5-10 seconds, this is way more efficient than NTLM rainbow tables. 
You can see the code here: https://github.com/websecnl/hashcat-php-API


This project is not yet finished but suite yourself and make something cool from it, just do it for Educational and Research purposes and not for the purpose to do harm to others!

File Snapshot


 [4.0K]  /data/pocs/1bc6e4232d64e8e35bcf070fd5760aefbb3eea18
├── [ 19M]  dump.exe
├── [1005]  README.md
└── [1.4K]  workinprogress.py

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!