what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 2 of 2

Files from Yarden Shafir

Ancillary Function Driver (AFD) For Winsock Privilege Escalation

Posted Mar 30, 2023

Authored by Christophe de la Fuente, b33f, Yarden Shafir, chompie | Site metasploit.com

A vulnerability exists in the Windows Ancillary Function Driver for Winsock (afd.sys) can be leveraged by an attacker to escalate privileges to those of NT AUTHORITY\SYSTEM. Due to a flaw in AfdNotifyRemoveIoCompletion, it is possible to create an arbitrary kernel Write-Where primitive, which can be used to manipulate internal I/O ring structures and achieve local privilege escalation. This exploit only supports Windows 11 22H2 up to build 22621.963 (patched in January 2023 updates).

tags | exploit, arbitrary, kernel, local

systems | windows

advisories | CVE-2023-21768

SHA-256 | d5a189a643f3c07d66a853b96018a65f135901780840ff23dc17f6a405330ebb

Download | Favorite | View

Microsoft Spooler Local Privilege Elevation

Posted Sep 17, 2020

Authored by bwatters-r7, shubham0d, Yarden Shafir, Alex Ionescu | Site metasploit.com

This exploit leverages a file write vulnerability in the print spooler service which will restart if stopped. Because the service cannot be stopped long enough to remove the dll, there is no way to remove the dll once it is loaded by the service. Essentially, on default settings, this module adds a permanent elevated backdoor.

tags | exploit

advisories | CVE-2020-1048

SHA-256 | 042eb96d4be3493ee746dfaae2491220ba9b12278e37c6ccaaa1b2d1f175f42f

Download | Favorite | View