PoC details: 5452a03c7960cece86cd6300345c91bd9a470438

Source
Related vulnerability
Title: Microsoft Windows access control error vulnerability (CVE-2021-36934)
Description: Microsoft Windows is a desktop operating system from the US company Microsoft. Microsoft Windows has an access control error vulnerability: the access control lists on several system files are overly permissive, which makes privilege escalation possible. An attacker who successfully exploits this vulnerability can run arbitrary code with SYSTEM privileges.
Description
PoC for CVE-2021-36934, which enables a standard user to retrieve the SAM, Security, and Software Registry hives on Windows 10 version 1809 or newer.
Introduction
# Invoke-HiveNightmare
PowerShell-based PoC for CVE-2021-36934, which enables a standard user to retrieve the SAM, Security, and Software Registry hives on Windows 10 version 1809 or newer.

# Situation
In specific versions of Windows 10, standard users have read/execute rights to the files in the [SYSTEMROOT]\System32\Config directory, which is where the Registry hives reside on disk. One cannot, however, simply navigate to the directory and copy the files, because the hives are loaded into memory at system boot and remain locked. A standard user can nevertheless retrieve the hives from Volume Shadow Copies, if any exist.

# Demo
![PoC demo](https://github.com/WiredPulse/Invoke-HiveNightmare/blob/main/PoC.gif)

# Disclaimer
The success of this exploit depends on Volume Shadow Copies existing; without them the code is not useful.
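As an added defensive check (not code from Invoke-HiveNightmare or its author), the following PowerShell audits the two conditions the Situation and Disclaimer sections describe: over-permissive ACLs on the hive files and the presence of Volume Shadow Copies. It assumes Windows PowerShell 5.1 or later and that WMI shadow-copy enumeration may need an elevated session; the well-known SIDs and the icacls workaround are as Microsoft documents them.

```powershell
# Added defensive check (not part of Invoke-HiveNightmare): reports whether the
# hive files under %SystemRoot%\System32\Config grant read access to low-privileged
# principals (the CVE-2021-36934 condition) and whether Volume Shadow Copies exist.
# Assumes Windows PowerShell 5.1 or later; shadow-copy enumeration via WMI may
# require an elevated session.

# Well-known SIDs that should never hold read rights on the hives.
$LowPrivSids = @{
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'NT AUTHORITY\Authenticated Users'
}

function Test-HiveAcl {
    param([string]$ConfigDir = (Join-Path $env:SystemRoot 'System32\Config'))
    foreach ($name in 'SAM', 'SECURITY', 'SOFTWARE', 'SYSTEM') {
        $path = Join-Path $ConfigDir $name
        if (-not (Test-Path -LiteralPath $path)) { continue }
        foreach ($ace in (Get-Acl -LiteralPath $path).Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            # Compare by SID so the check also works on localized systems.
            $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
            if (-not $LowPrivSids.ContainsKey($sid)) { continue }
            # ReadData is the bit that allows opening the file for reading;
            # ReadAndExecute and FullControl both include it.
            $readBit = [System.Security.AccessControl.FileSystemRights]::ReadData
            [pscustomobject]@{
                Hive      = $name
                Principal = $LowPrivSids[$sid]
                Rights    = $ace.FileSystemRights
                Exposed   = (($ace.FileSystemRights -band $readBit) -ne 0)
            }
        }
    }
}

function Get-ShadowCopyCount {
    try { @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction Stop).Count }
    catch { Write-Warning "Could not enumerate shadow copies (elevation may be needed): $_"; $null }
}

$findings = @(Test-HiveAcl | Where-Object Exposed)
if (-not $findings) { Write-Output 'Hive ACLs do not grant read access to low-privileged principals.'; return }
$findings | Format-Table -AutoSize
Write-Warning 'Hive ACLs are over-permissive: the CVE-2021-36934 condition is present.'
$shadows = Get-ShadowCopyCount
if ($shadows -gt 0) { Write-Warning "$shadows shadow copies exist; the locked hives are readable through them." }
# Vendor workaround: restrict inheritance on the hive files and delete existing shadow copies:
#   icacls "$env:SystemRoot\System32\Config\*.*" /inheritance:e
```

Run it as a standard user to see the ACL result; the shadow-copy count is informational and reports a warning instead of failing when WMI access is denied.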

# Credits
The vulnerability was discovered by @jonasLyk.
File snapshot

[4.0K] /data/pocs/5452a03c7960cece86cd6300345c91bd9a470438
├── [2.6K] Invoke-HiveNightmare.ps1
├── [308K] PoC.gif
└── [ 927] README.md

0 directories, 3 files