漏洞平台

POC详情： b12e3f3c9164a78403a1c80ae660c241d272508f

来源

https://github.com/ISH2YU/CVE-2023-36802

关联漏洞

标题： Microsoft Streaming Service 安全漏洞 (CVE-2023-36802)
描述：Microsoft Streaming Service是美国微软（Microsoft）公司的一个视频平台。 Microsoft Streaming Service存在安全漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响：Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1809 for ARM64-based Systems,Win

描述

Procedure to Recreate the Exploit for CVE-2023-36802 targeting MSKSSRV.SYS driver

介绍

## POC Recreating CVE 2023-36802
### Microsoft Streaming Service Proxy Privilege Escalation Vulnerability

 Procedure to Recreate the Exploit for CVE-2023-36802 targeting **MSKSSRV.SYS** driver

## Prequisites 
If You want to Understand how this Exploit is working , Go through this [Blog](https://securityintelligence.com/x-force/critically-close-to-zero-day-exploiting-microsoft-kernel-streaming-service/)

This CVE is actually the Bypass of Another CVE which is CVE-2023-29360 , Go through That Also its mentioned in Blog I have linked above 

If You want to check if your Windows has MSKSSRV.SYS driver
- Open Command Prompt , Go to this Path : dir
```sh
C:\Windows\System32\drivers> dir
```
![alt text](Assets/drivecheck.png)




## Windows Version

This is the list of Version of Windows where its Vulnerable to this CVE :-

![alt text](Assets/version.png)

- I would say you should perefer Installing **21h2** version of Windows VM 


## Steps to Recreate :-

- You can find Iso-Image file in this [link](https://www.getmyos.com/) (Note: I dont guarantee safety of this link)
- Boot-Up the Iso-Image file in your Virtual Box / Vmware
- Install Visual Studio in that VM ( Not Visual Studio Code )
- Clone the Repository or Download the Zip 
- After the Installtion is complete , Open your `CVE-2023-36802_Win10.sln` in it
- Build < Run

文件快照


 [4.0K]  /data/pocs/b12e3f3c9164a78403a1c80ae660c241d272508f
├── [4.0K]  Assets
│   ├── [110K]  drive
│   ├── [ 62K]  drivecheck.png
│   ├── [   1]  Images
│   ├── [ 89K]  streaming.png
│   └── [130K]  version.png
├── [4.0K]  cve-2023-36802-main
│   ├── [4.0K]  CVE-2023-36802_Win10-11
│   │   ├── [1.0K]  crc32.h
│   │   ├── [1.0K]  CVE-2023-36802_Win10-11.filters
│   │   ├── [ 165]  CVE-2023-36802_Win10-11.user
│   │   ├── [6.9K]  CVE-2023-36802_Win10-11.vcxproj
│   │   ├── [ 165]  CVE-2023-36802_Win10-11.vcxproj.user
│   │   ├── [ 21K]  exploit.c
│   │   ├── [6.6K]  Types.h
│   │   └── [4.0K]  x64
│   │       └── [4.0K]  Release
│   │           ├── [ 321]  CVE-2023-36802.exe.recipe
│   │           ├── [4.0K]  CVE-2023-36802.tlog
│   │           │   ├── [2.5K]  CL.command.1.tlog
│   │           │   ├── [ 198]  Cl.items.tlog
│   │           │   ├── [ 26K]  CL.read.1.tlog
│   │           │   ├── [ 614]  CL.write.1.tlog
│   │           │   ├── [ 187]  CVE-2023-36802.lastbuildstate
│   │           │   ├── [1.6K]  link.command.1.tlog
│   │           │   ├── [4.3K]  link.read.1.tlog
│   │           │   ├── [ 107]  link.secondary.1.tlog
│   │           │   └── [ 578]  link.write.1.tlog
│   │           ├── [6.8K]  CVE-2023-36802_Win10-11.log
│   │           ├── [ 90K]  exploit.obj
│   │           └── [116K]  vc143.pdb
│   ├── [1.4K]  CVE-2023-36802_Win10-11.sln
│   └── [4.0K]  x64
│       └── [4.0K]  Release
│           ├── [194K]  CVE-2023-36802.exe
│           └── [4.2M]  CVE-2023-36802.pdb
└── [1.3K]  README.md

8 directories, 29 files

神龙机器人已为您缓存

备注

1. 建议优先通过来源进行访问。

2. 如果因为来源失效或无法访问，请发送邮箱到 f.jinxu#gmail.com 索取本地快照（把 # 换成 @）。

3. 神龙已为您对POC代码进行快照，为了长期维护，请考虑为本地POC付费，感谢您的支持。