CVE-2023-36802 PoC — Microsoft Streaming Service 安全漏洞

Source

https://github.com/ISH2YU/CVE-2023-36802

Associated Vulnerability

Title:Microsoft Streaming Service 安全漏洞 (CVE-2023-36802)
Description:Microsoft Streaming Service是美国微软（Microsoft）公司的一个视频平台。 Microsoft Streaming Service存在安全漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响：Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1809 for ARM64-based Systems,Win

Description

Procedure to Recreate the Exploit for CVE-2023-36802 targeting MSKSSRV.SYS driver

Readme

## POC Recreating CVE 2023-36802
### Microsoft Streaming Service Proxy Privilege Escalation Vulnerability

 Procedure to Recreate the Exploit for CVE-2023-36802 targeting **MSKSSRV.SYS** driver

## Prequisites 
If You want to Understand how this Exploit is working , Go through this [Blog](https://securityintelligence.com/x-force/critically-close-to-zero-day-exploiting-microsoft-kernel-streaming-service/)

This CVE is actually the Bypass of Another CVE which is CVE-2023-29360 , Go through That Also its mentioned in Blog I have linked above 

If You want to check if your Windows has MSKSSRV.SYS driver
- Open Command Prompt , Go to this Path : dir
```sh
C:\Windows\System32\drivers> dir
```
![alt text](Assets/drivecheck.png)




## Windows Version

This is the list of Version of Windows where its Vulnerable to this CVE :-

![alt text](Assets/version.png)

- I would say you should perefer Installing **21h2** version of Windows VM 


## Steps to Recreate :-

- You can find Iso-Image file in this [link](https://www.getmyos.com/) (Note: I dont guarantee safety of this link)
- Boot-Up the Iso-Image file in your Virtual Box / Vmware
- Install Visual Studio in that VM ( Not Visual Studio Code )
- Clone the Repository or Download the Zip 
- After the Installtion is complete , Open your `CVE-2023-36802_Win10.sln` in it
- Build < Run

File Snapshot


 [4.0K]  /data/pocs/b12e3f3c9164a78403a1c80ae660c241d272508f
├── [4.0K]  Assets
│   ├── [110K]  drive
│   ├── [ 62K]  drivecheck.png
│   ├── [   1]  Images
│   ├── [ 89K]  streaming.png
│   └── [130K]  version.png
├── [4.0K]  cve-2023-36802-main
│   ├── [4.0K]  CVE-2023-36802_Win10-11
│   │   ├── [1.0K]  crc32.h
│   │   ├── [1.0K]  CVE-2023-36802_Win10-11.filters
│   │   ├── [ 165]  CVE-2023-36802_Win10-11.user
│   │   ├── [6.9K]  CVE-2023-36802_Win10-11.vcxproj
│   │   ├── [ 165]  CVE-2023-36802_Win10-11.vcxproj.user
│   │   ├── [ 21K]  exploit.c
│   │   ├── [6.6K]  Types.h
│   │   └── [4.0K]  x64
│   │       └── [4.0K]  Release
│   │           ├── [ 321]  CVE-2023-36802.exe.recipe
│   │           ├── [4.0K]  CVE-2023-36802.tlog
│   │           │   ├── [2.5K]  CL.command.1.tlog
│   │           │   ├── [ 198]  Cl.items.tlog
│   │           │   ├── [ 26K]  CL.read.1.tlog
│   │           │   ├── [ 614]  CL.write.1.tlog
│   │           │   ├── [ 187]  CVE-2023-36802.lastbuildstate
│   │           │   ├── [1.6K]  link.command.1.tlog
│   │           │   ├── [4.3K]  link.read.1.tlog
│   │           │   ├── [ 107]  link.secondary.1.tlog
│   │           │   └── [ 578]  link.write.1.tlog
│   │           ├── [6.8K]  CVE-2023-36802_Win10-11.log
│   │           ├── [ 90K]  exploit.obj
│   │           └── [116K]  vc143.pdb
│   ├── [1.4K]  CVE-2023-36802_Win10-11.sln
│   └── [4.0K]  x64
│       └── [4.0K]  Release
│           ├── [194K]  CVE-2023-36802.exe
│           └── [4.2M]  CVE-2023-36802.pdb
└── [1.3K]  README.md

8 directories, 29 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!