exploit the possibilities
Showing 1 - 25 of 109 RSS Feed

Files from James Forshaw

Email addressforshaw at google.com
First Active2011-08-11
Last Active2021-07-29
Microsoft Exchange AD Schema Misconfiguration Privilege Escalation
Posted Jul 29, 2021
Authored by James Forshaw, Google Security Research

The msExchStorageGroup schema class added during Exchange installation can be used to create almost any AD object including users, groups or domain trusts leading to elevation of privilege.

tags | exploit
advisories | CVE-2021-34470
MD5 | 5f885a87a9be3f10bfe9e9e4c08c923c
Microsoft Windows WFP Default Rules AppContainer Capability Bypass Privilege Escalation
Posted Jul 20, 2021
Authored by James Forshaw, Google Security Research

The default rules for the WFP connect layers permit certain executables to connect TCP sockets in AppContainers without capabilities leading to elevation of privilege.

tags | exploit, tcp
MD5 | 37069deaf47980f1a4c39f62bc13ce25
Microsoft Windows CreateProcessWithLogon Write Restricted Service Privilege Escalation
Posted Jul 14, 2021
Authored by James Forshaw, Google Security Research

Microsoft Windows has an issue where you can use the CreateProcessWithLogon API to escape a write restricted service and achieve full write access as the service user.

tags | exploit
systems | windows
MD5 | 00f7a019dea4bf3a1d19442fae579890
Microsoft Windows Filtering Platform Token Access Check Privilege Escalation
Posted Jun 23, 2021
Authored by James Forshaw, Google Security Research

The Windows Filtering Platform does not verify the token impersonation level when checking filters allowing the bypass of firewall rules leading to elevation of privilege.

tags | exploit
systems | windows
advisories | CVE-2021-31970
MD5 | 982aa6db9c233f089f2999f0cd8711c3
Windows Kerberos AppContainer Enterprise Authentication Capability Bypass
Posted Jun 17, 2021
Authored by James Forshaw, Google Security Research

Kerberos supports a security buffer to set the target SPN of a ticket bypassing the SPN check in LSASS.

tags | exploit
advisories | CVE-2021-26414, CVE-2021-31962
MD5 | 3ff870010a0eb4e32567d271f6a816ba
Microsoft Windows TokenMagic Privilege Escalation
Posted May 17, 2021
Authored by James Forshaw, bwatters-r7, jheysel-r7, Ruben Boonen | Site metasploit.com

This Metasploit module leverages a UAC bypass (TokenMagic) in order to spawn a process/conduct a DLL hijacking attack to gain SYSTEM-level privileges. Windows 7 through Windows 10 1803 are affected.

tags | exploit
systems | windows, 7
MD5 | e005d737a38c7d7f659e8866135faf12
Windows Container Manager Service CmsRpcSrv_MapNamedPipeToContainer Privilege Escalation
Posted May 12, 2021
Authored by James Forshaw, Google Security Research

The Container Manager Service does not configure STORVSP correctly when opening mapped named pipes leading to privilege escalation.

tags | exploit
advisories | CVE-2021-31167
MD5 | 970b0826e9c53e62fb981f362a8095f7
Windows Container Manager Service Arbitrary Object Directory Creation Privilege Escalation
Posted May 12, 2021
Authored by James Forshaw, Google Security Research

The Container Manager Service creates an AppContainer process without impersonating the access token leading to privilege escalation.

tags | exploit
advisories | CVE-2021-31169
MD5 | ad4654c8ed7054c3225224811ba94b15
Windows Container Manager Service CmsRpcSrv_MapVirtualDiskToContainer Privilege Escalation
Posted May 12, 2021
Authored by James Forshaw, Google Security Research

The Container Manager Service does not impersonate the caller when granting access to virtual disk images leading to privilege escalation.

tags | exploit
advisories | CVE-2021-31168
MD5 | ae8247dda745d9d8d6c85bfb03878028
Windows Container Manager Service CmsRpcSrv_CreateContainer Privilege Escalation
Posted May 12, 2021
Authored by James Forshaw, Google Security Research

The Container Manager Service accepts an access token provided by the user without verification allowing an arbitrary process to be created with another user identity leading to privilege escalation.

tags | exploit, arbitrary
advisories | CVE-2021-31165
MD5 | 12c1abb8e71fc62e306c9bc1dea254d3
Mozilla Windows Maintenance Service Weak DACL
Posted May 11, 2021
Authored by James Forshaw, Google Security Research

Mozilla's Firefox 85 for Windows has a weak DACL for domain networks.

tags | exploit
systems | windows
advisories | CVE-2021-29951
MD5 | 51ec5afa13bba26be3fb02a3fedaa898
Microsoft Windows SCM Remote Access Check Limit Bypass Privilege Escalation
Posted Apr 14, 2021
Authored by James Forshaw, Google Security Research

The access limit check for non-local admins when accessing the SCM remotely can be bypassed by requesting MAXIMUM_ALLOWED, leading to gaining access to start services etc.

tags | exploit, local
advisories | CVE-2021-27086
MD5 | 281e52fe6059770b5acb2e965164e4a3
Microsoft Windows Containers Host Registry Privilege Escalation
Posted Mar 10, 2021
Authored by James Forshaw, Google Security Research

Microsoft Windows Containers Host Registry Virtual Registry Provider does not correctly handle relative opens leading to a process in a server silo being able to access the host registry leading to elevation of privilege.

tags | exploit, registry
systems | windows
advisories | CVE-2021-26864
MD5 | 6305bd287c8bfb28100d961cbddfdabb
Microsoft Windows Containers Privilege Escalation
Posted Mar 10, 2021
Authored by James Forshaw, Google Security Research

The standard user ContainerUser in a Windows Container has elevated privileges and High integrity level which results in making it administrator equivalent even though it should be a restricted user.

tags | exploit
systems | windows
advisories | CVE-2021-26891
MD5 | 70e9e9e164d2ee60daaa05a5afd67fe4
Microsoft Windows Containers AppSilo Object Manager Privilege Escalation
Posted Mar 10, 2021
Authored by James Forshaw, Google Security Research

Microsoft Windows has an issue with containers where the kernel incorrectly chooses the wrong silo when looking up the root object manager directory leading to elevation of privilege.

tags | exploit, kernel, root
systems | windows
advisories | CVE-2021-26865
MD5 | d249fdb9dab1efdef449b7c32504cdc9
Microsoft Windows Server Silo Registry Key Symbolic Link Privilege Escalation
Posted Feb 10, 2021
Authored by James Forshaw, Google Security Research

Microsoft Windows has a privilege escalation vulnerability. When a process is running in a server silo, the checks for trusted hive registry key symbolic links is disabled leading to elevation of privilege.

tags | exploit, registry
systems | windows
advisories | CVE-2021-24096
MD5 | 91697f9020080e5254805aa5e5e1cc57
Microsoft Windows WOF FSCTL_SET_REPARSE_POINT_EX Cached Signing Level Bypass
Posted Dec 9, 2020
Authored by James Forshaw, Google Security Research

The Microsoft Windows WOF filter driver does not correctly handle the reparse point setting which allows for an arbitrary file to be cached signed leading to a bypass of UMCI.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2020-17139
MD5 | 6ef17e92e2a41526202eea6e0a2e23cb
Microsoft Windows Cloud Filter HsmOsBlockPlaceholderAccess Registry Key Creation / Privilege Escalation
Posted Dec 9, 2020
Authored by James Forshaw, Google Security Research

The Microsoft Windows Cloud Filter HsmOsBlockPlaceholderAccess function allows a user to create arbitrary registry keys in the .DEFAULT users hive leading to elevation of privilege.

tags | exploit, arbitrary, registry
systems | windows
advisories | CVE-2020-17103
MD5 | 1dedadce5dfb6b98c3be28c5271c765b
Microsoft Windows Cloud Filter HsmpAccessCheck Bypass / Privilege Escalation
Posted Dec 9, 2020
Authored by James Forshaw, Google Security Research

The Microsoft Windows Cloud Filter access check does not take into account restrictions such as Mandatory Labels allowing a user to bypass security checks.

tags | exploit
systems | windows
advisories | CVE-2020-17134
MD5 | 294319a3f3e1683a3a6a445f71aca87b
Microsoft Windows Cloud Filter Arbitrary File Creation / Privilege Escalation
Posted Dec 9, 2020
Authored by James Forshaw, Google Security Research

The Microsoft Windows Cloud Filter driver can be abused to create arbitrary files and directories leading to elevation of privilege.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2020-17136
MD5 | f7cc7661ed092a8d29bb9c6c8f666a6e
Microsoft Windows Local Spooler Bypass
Posted Nov 11, 2020
Authored by James Forshaw, Google Security Research

Microsoft Windows suffers from a local spooler bypass vulnerability.

tags | exploit, local, bypass
systems | windows
advisories | CVE-2020-1337, CVE-2020-17001
MD5 | 3f3c10cd2d2b0c404a73cddec7d03575
Microsoft Windows StorageFolder Marshaled Object Access Check Bypass / Privilege Escalation
Posted Sep 8, 2020
Authored by James Forshaw, Google Security Research

The StorageFolder class when used out of process can bypass security checks to read and write files not allowed to an AppContainer.

tags | exploit
advisories | CVE-2020-0886
MD5 | fcac5139eefb819b4a7b0e211caa1f0d
Microsoft Windows CloudExperienceHostBroker Privilege Escalation
Posted Sep 8, 2020
Authored by James Forshaw, Google Security Research

The CloundExperienceHostBroker hosts unsafe COM objects accessible to a normal user leading to elevation of privilege.

tags | exploit
advisories | CVE-2015-2528, CVE-2020-1471
MD5 | c38651bc173d658ea5caddd8450163b6
Microsoft Windows CmpDoReadTxRBigLogRecord Memory Corruption Privilege Escalation
Posted Aug 21, 2020
Authored by James Forshaw, Google Security Research

The handling of KTM logs when initializing a Registry Hive contains no bounds checks which results in privilege escalation.

tags | exploit, registry
advisories | CVE-2020-1378
MD5 | 47cc29fc3f9a4152d374689e8d8dbe44
Microsoft Windows CmpDoReDoCreateKey Arbitrary Registry Key Creation Privilege Escalation
Posted Aug 21, 2020
Authored by James Forshaw, Google Security Research

The handling of KTM logs does not limit Registry Key operations to the loading hive leading to elevation of privilege.

tags | exploit, registry
advisories | CVE-2020-1377
MD5 | cde9e4062cc05fc18d17cf5eabad623b
Page 1 of 5
Back12345Next

File Archive:

August 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    1 Files
  • 2
    Aug 2nd
    7 Files
  • 3
    Aug 3rd
    5 Files
  • 4
    Aug 4th
    0 Files
  • 5
    Aug 5th
    0 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    0 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close