POC details: 2ab2149f65752652a545eb4e60fd2dce6295df1f

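Source
Related vulnerability
Title: Microsoft Windows Common Log File System Driver security vulnerability (CVE-2023-28252)
Description: The Microsoft Windows Common Log File System Driver is a component from Microsoft (USA). The Common Log File System (CLFS) API provides a high-performance, general-purpose log file subsystem that dedicated client applications can use and that multiple clients can share to optimize log access. A security vulnerability exists in the Microsoft Windows Common Log File System Driver. The following products and versions are affected: Windows 10 Version 20H2 for 32-bit Systems, Win
Description
A modification to Fortra's CVE-2023-28252 exploit, compiled to exe
Introduction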
# CVE-2023-28252-Compiled-exe

A modification of Fortra's excellent CVE-2023-28252 Privesc Exploit. Works on Windows 11 21H2 clfs.sys version 10.0.22000.1574 - also works on Windows 10 21H2, Windows 10 22H2, Windows 11 22H2 and Windows Server 2022.
This version retains the original functionality, but gives the option to provide a binary to execute as an argument, useful if you don't have Visual Studio to hand.

## Description

For a (very) detailed explanation of the vulnerability, please see https://github.com/fortra/CVE-2023-28252/tree/master?tab=readme-ov-file


## Usage

- Build the project with Visual Studio if you prefer
- Use the precompiled exploit.exe if you prefer
- Run with: `exploit.exe <Token Offset> <Flag> <Program to execute>`
- Example: `exploit.exe 1208 1 calc.exe`


## Example

[CVE-2023-28252.webm](https://github.com/duck-sec/CVE-2023-28252-Compiled-exe/assets/129839654/27f286d7-e0e3-47ab-864a-e040f8749708)



## Credits
This exploit builds on the original POC by [Fortra](https://github.com/fortra/CVE-2023-28252/tree/master?tab=readme-ov-file). Please read their excellent documentation!

## Disclaimer
This code is provided for educational and ethical security testing purposes only. It should be used responsibly and only in environments where explicit authorization has been granted. Unauthorized or malicious use is strictly prohibited. By using this code, you agree to adhere to all applicable laws, regulations, and ethical standards applicable in your jurisdiction. The creators and contributors disclaim any liability for any damages or consequences arising from the misuse or unauthorized use of this code.


File snapshot

[4.0K] /data/pocs/2ab2149f65752652a545eb4e60fd2dce6295df1f
├── [4.0K] clfs_eop
│   ├── [ 42K] clfs_eop.cpp
│   ├── [2.3K] clfs_eop.h
│   ├── [7.3K] clfs_eop.vcxproj
│   ├── [1.2K] clfs_eop.vcxproj.filters
│   ├── [ 165] clfs_eop.vcxproj.user
│   ├── [ 918] crc32.h
│   ├── [164K] ntos.h
│   ├── [879K] ntoskrnl.lib
│   └── [4.0K] x64
│       ├── [4.0K] Debug
│       │   ├── [1.5K] clfs_eop.log
│       │   ├── [4.0K] clfs_eop.tlog
│       │   │   ├── [   2] CL.command.1.tlog
│       │   │   ├── [ 167] clfs_eop.lastbuildstate
│       │   │   └── [   0] unsuccessfulbuild
│       │   ├── [ 40K] vc143.idb
│       │   └── [230K] vc143.pdb
│       └── [4.0K] Release
│           ├── [ 297] clfs_eop.exe.recipe
│           ├── [ 950] clfs_eop.log
│           ├── [621K] clfs_eop.obj
│           ├── [4.0K] clfs_eop.tlog
│           │   ├── [ 736] CL.command.1.tlog
│           │   ├── [ 169] clfs_eop.lastbuildstate
│           │   ├── [ 41K] CL.read.1.tlog
│           │   ├── [ 424] CL.write.1.tlog
│           │   ├── [1.4K] link.command.1.tlog
│           │   ├── [4.7K] link.read.1.tlog
│           │   └── [ 418] link.write.1.tlog
│           └── [444K] vc142.pdb
├── [1.4K] clfs_eop.sln
├── [358K] exploit.exe
├── [ 11K] LICENSE
├── [1.6K] README.md
└── [4.0K] x64
    └── [4.0K] Release
        ├── [358K] clfs_eop.exe
        ├── [5.6M] clfs_eop.pdb
        └── [358K] exploit.exe

8 directories, 32 files