Skip to content

0katz/CVE-2019-12476

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 

ADSelfService-Plus-PoC CVE-2019-12476

ADSelfService Plus version 4.3.3 PoC for an authentication bypass on Windows 10.

Affects all versions of Windows

PoC Video

Steps to repoduce

  1. Disconnect from your enterprise network
  2. Connect to your own hotspot
  3. Click on reset password; the thick client browser should error out with a 404 if the password reset web application is hosted in the intranet
  4. Click on search for this site which should open a new internet explorer window.
  5. Press Ctrl S to open file explorer and browse to c:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  6. Get System Shell without any authentication required.

Fix

Update to the latest version; current latest version is 5.0.6

Notes

The same exploit was verified to work in another vendor, so give it a shot if you're using a self service password reset app in your organazation.

I was able to bypass the patch 5.0.6 but it's very unstable once I find a stable way of automatating the exploit it will be released.

Thanks To

scottjw - For automating the exploit.

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published