POC详情: 29620f7a72944b801bbc1dbfbbc623062ef33623

来源
https://github.com/OlivierLaflamme/CVE-2021-36934-export-shadow-volume-POC
关联漏洞
标题: Microsoft Windows 访问控制错误漏洞 (CVE-2021-36934)
描述:Microsoft Windows是美国微软(Microsoft)公司的一种桌面操作系统。 Microsoft Windows 存在访问控制错误漏洞,该漏洞源于系统对多个系统文件的访问控制列表过于宽松,因此存在特权提升漏洞。成功利用此漏洞的攻击者可以使用SYSTEM权限运行任意代码。
介绍
CVE-2021–36934

The derived hash is used for forgery such as PTH and bills. There is no detailed analysis here. 

In addition, given that access rights to most system files can be obtained, there should be more than this one method of exploitation, including Microsoft officials, which have also characterized it as a privilege escalation vulnerability.

A simple script is used to export files from volume shadows, and only provides ideas. In view of the fact that there is no administrator authority, it is easier to write by yourself, and it is easier to avoid killing than mimikatz, and the effect should be better. Everyone has different opinions.


All versions after Windows 10 version 1809
文件快照

 [4.0K]  /data/pocs/29620f7a72944b801bbc1dbfbbc623062ef33623
├── [ 700]  README.md
└── [3.0K]  script.cs

0 directories, 2 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。