CVE-2024-0197 PoC — Thales SafeNet 安全漏洞

Source

https://github.com/ewilded/CVE-2024-0197-POC

Associated Vulnerability

Title:Thales SafeNet 安全漏洞 (CVE-2024-0197)
Description:Thales SafeNet是美国Thales公司的一个企业身份验证，数据加密和密钥管理解决方案。 Thales SafeNet Sentinel HASP LDK 9.16之前版本存在安全漏洞，该漏洞源于安装程序中存在缺陷，允许攻击者通过本地访问升级权限。

Description

Proof of concept for Local Privilege Escalation in Thales Sentinel HASP LDK.

Readme

# CVE-2024-0197-POC
Proof of concept for Local Privilege Escalation in Thales Sentinel HASP LDK.
I initially wanted to develop one, but eventually that turned out to be unnecessary.
There is no race condition to win, and a simple DLL search order hijacking from a known location suffices to attain SYSTEM.

We simply:
1. compile raw.cpp as fltlib.dll and put it into AppData\Local\Temp (it has to be a proper proxy DLL leading to C:\Windows\System32\fltlib.dll).
2. then just run msiexec.exe /fa PATH_TO_MSI.

File Snapshot


 [4.0K]  /data/pocs/d25e4f09eca790382e6f9640992207a9454f48ee
├── [161K]  DLL_hijacking.png
├── [283K]  GOT_SYSTEM1.PNG
├── [ 11K]  installer_in_dir.PNG
├── [5.0K]  raw.cpp
├── [ 509]  README.md
└── [192K]  vulnerable_process_creation.png

0 directories, 6 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!