CVE-2023-27470 PoC — N-able Take Control Agent 安全漏洞

来源

关联漏洞

介绍

# CVE-2023-27470 EoP via Arbirary File Deletion Exercise

This repository contains a local privilege escalation exercise that replicates CVE-2023-27470. Your mission, should you choose to accept it, find the vulnerability and get a SYSTEM Command Prompt! If you would like the jump to the solution, look at `solution.txt`. Read more about arbitrary file deletion vulnerabilities and its risks at [Deleting Your Way Into SYSTEM: Why Arbitrary File Deletion Vulnerabilities Matter].

Author: Andrew Oliveau (@AndrewOliveau)

## Exercise Set Up Instructions

1. Use a Windows VM configured with 2 processors and 2 cores per processor
2. Create `C:\ProgramData\logs` folder with elevated account and add `log.txt` into it
3. Run `CVE-2023-27470_Exercise.exe` with elevated account. If you see "Error opening directory: 3", that is OK. Consider it a hint...

Optional: Create a protected file and/or folder with elevated account to test file deletion 

Bonus: Run `CVE-2023-27470_Mitigated.exe` to test Microsoft's `ProcessRedirectionTrustPolicy` mitigation policy. 

## Building Yourself

Should you choose to compile it yourself, use the provided `CVE-2023-27470_Exercise.sln` Visual Studio project and make sure your are using Windows SDK version 10.0.20348.0.


[Deleting Your Way Into SYSTEM: Why Arbitrary File Deletion Vulnerabilities Matter]: https://www.mandiant.com/resources/blog/arbitrary-file-deletion-vulnerabilities

文件快照

 [4.0K]  /data/pocs/b9f7cf18e5e6e96bc909bd19433424b5d77b52bc
├── [4.0K]  CVE-2023-27470_Exercise
│   ├── [2.4K]  CVE-2023-27470_Exercise.cpp
│   ├── [ 996]  CVE-2023-27470_Exercise.filters
│   ├── [ 168]  CVE-2023-27470_Exercise.user
│   ├── [6.6K]  CVE-2023-27470_Exercise.vcxproj
│   └── [ 168]  CVE-2023-27470_Exercise.vcxproj.user
├── [294K]  CVE-2023-27470_Exercise.exe
├── [1.5K]  CVE-2023-27470_Exercise.sln
├── [294K]  CVE-2023-27470_Mitigated.exe
├── [1.4K]  README.md
└── [1.6K]  solution.txt

1 directory, 10 files

备注