Skip to content

Malwareman007/CVE-2022-30206

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits

FileLock

FileLock

 
 

addpriner

addpriner

 
 

openprinter

openprinter

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

Repository files navigation

CVE-2022-30206

This is the PoC for CVE-2022-30206.

Windows Print Spooler Elevation of Privilege Vulnerability.

Introduction

Perform the following operations to arbitrary file deletion:

  1. Run the addprinter.exe to create a printer and set the SpoolDirectory in C:\Users\Public\tmp\1.
  2. Run the FileLock.exe TargetFile to redirect .SHD file to TargetFile and set a oplock on TargetFile.
  3. Run the openprinter.exe to make the printer work, which will trigger the oplock, then release the oplock, the TargetFile will be deleted.

PS

  1. This PoC needs to be combined with some other tricks(such as https://github.com/thezdi/PoC/tree/master/FilesystemEoPs) to make arbitrary file deletion to achieve EoP
  2. If the execution is not successful at one time, you need to modify the .SHD filename of the FileLock's main.cpp. Normally, the file id is incremented by two each time after a print job, please try 00005.SHD、00007.SHD…

About

A POC of CVE-2022-30206

Topics

microsoft windows security privileges vulnerability cve cve-2022-30206 print-spooler

Resources

Readme

License

LGPL-2.1 license
Activity

Stars

16 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages