New technique via IElevatedFactoryServer::ServerCreateElevatedObject(CLSID_TaskScheduler) #129

Closed
zcgonvh opened this issue Jun 21, 2022 · 1 comment

zcgonvh commented Jun 21, 2022

I found a new technique using Virtual Factory for the MaintenanceUI COM object (A6BFEA43-501F-456F-A845-983D3AD7B8F0). It works on win81 to the latest win10 21H2 in my tests, and can GET SYSTEM DIRECTLY.
The POC is here: https://github.com/zcgonvh/TaskSchedulerMisc/blob/master/schuac.cs.
And I believe shpafact!CElevatedFactoryServer is a new attack surface (~20 Elevated COM Proxy objects on win10 21H2 by default).

hfiref0x (Owner) commented

Thanks for your findings. I'll add this to the next version.

hfiref0x added a commit that referenced this issue Jun 22, 2022
Method 74 added, see #129 for more info;
Readme updated.
hfiref0x added a commit that referenced this issue Jun 22, 2022
Method 74 added, see #129 for more info;
Old unused code removed;
Readme updated.
hfiref0x added a commit that referenced this issue Jun 22, 2022
Add link to #129
hfiref0x self-assigned this Jun 22, 2022