关联漏洞
标题:Thales SafeNet 安全漏洞 (CVE-2024-0197)Description:Thales SafeNet是美国Thales公司的一个企业身份验证,数据加密和密钥管理解决方案。 Thales SafeNet Sentinel HASP LDK 9.16之前版本存在安全漏洞,该漏洞源于安装程序中存在缺陷,允许攻击者通过本地访问升级权限。
Description
Proof of concept for Local Privilege Escalation in Thales Sentinel HASP LDK.
介绍
# CVE-2024-0197-POC
Proof of concept for Local Privilege Escalation in Thales Sentinel HASP LDK.
I initially wanted to develop one, but eventually that turned out to be unnecessary.
There is no race condition to win, and a simple DLL search order hijacking from a known location suffices to attain SYSTEM.
We simply:
1. compile raw.cpp as fltlib.dll and put it into AppData\Local\Temp (it has to be a proper proxy DLL leading to C:\Windows\System32\fltlib.dll).
2. then just run msiexec.exe /fa PATH_TO_MSI.
文件快照
[4.0K] /data/pocs/d25e4f09eca790382e6f9640992207a9454f48ee
├── [161K] DLL_hijacking.png
├── [283K] GOT_SYSTEM1.PNG
├── [ 11K] installer_in_dir.PNG
├── [5.0K] raw.cpp
├── [ 509] README.md
└── [192K] vulnerable_process_creation.png
0 directories, 6 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。