Skip to content
/ delete2SYSTEM Public
forked from sailay1996/delete2SYSTEM

Weaponizing for Arbitrary Files/Directories Delete bugs to Get NT AUTHORITY\SYSTEM

0 stars 30 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

5l1v3r1/delete2SYSTEM

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits

src

src

 
 

NtApiDotNet.dll

NtApiDotNet.dll

 
 

README.md

README.md

 
 

RpcSsImpersonator.exe

RpcSsImpersonator.exe

 
 

impersonate.dll

impersonate.dll

 
 

poc.ps1

poc.ps1

 
 

wmp_del2sys.jpg

wmp_del2sys.jpg

 
 

wmpnetwk.exe

wmpnetwk.exe

 
 

Repository files navigation

Delete2SYSTEM

Weaponizing for Arbitrary Files/Directories Delete bugs to Get NT AUTHORITY\SYSTEM

Short Description:

I just combined @jonasLyk's technique https://secret.club/2020/04/23/directory-deletion-shell.html and one of technique from this article https://0x00sec.org/t/windows-defender-av-zero-day-vulnerability/22258 which using windows media player (service and folder).

Read Me:

In order to work this technique, you must to delete the 2 folders which are C:\ProgramData\Microsoft\Windows\WER\* and C:\Program Files (x86)\Windows Media Player with Arbitrary Files/Directories Delete bugs such as CVE-2020-1170, CVE-2020-1571, etc ...

Note:

NtApiDotNet.dll from James Forshaw.

test1

Thanks to: @jonasLyk and other who research awesome things

Code Browsed from:

https://github.com/sailay1996/RpcSsImpersonator

About

Weaponizing for Arbitrary Files/Directories Delete bugs to Get NT AUTHORITY\SYSTEM

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • C 71.6%
  • C++ 16.5%
  • PowerShell 11.9%