CVE-2023-28252: Windows CLFS Driver Privilege Escalation #18250
Conversation
Is this stable to use yet? Or will it still BSOD any Windows version tested?
documentation/modules/exploit/windows/local/cve_2023_28252_clfs_driver.md
Hey @AkechiShiro, if you run the exploit multiple times on the versions of Windows outlined in the documentation and continuously exit the session you obtain, the machine will eventually BSOD. I need to change how the SYSTEM token, once stolen, is used to spawn a session to avoid a reference-counter-induced BSOD.
Looks like we have similar art over in https://github.com/rapid7/metasploit-framework/tree/c748cc4ebbe810e4ee473106f1243baa056a0ae2/external/source/exploits/cve-2015-1701/cve-2015-1701
Hey @AkechiShiro, just wanted to let you know the stability issue has been resolved.
Tested on
However, on the following versions reported as Windows 10 - 1709 (16299.15)
Windows 10 - 1607 (14393.447)
…it-framework into clfs-driver-priv-esc
@sjanusz-r7 How do you have access to multiple Windows builds? I have only found the latest build using evaluation ISOs. EDIT: Sorry, I tagged the wrong person.
My apologies @sjanusz-r7, I hadn't updated the check method. Changes have been made; it should be good to run on the following versions: Windows 10 20H2, Windows 10 21H2, Windows 11 21H2 and Windows Server 2022.
For sanity: Windows Server 2022 (Version 21H2 - Build 20348.169)
Looks good 👍
Release Notes
Adds a new privilege escalation module that exploits a vulnerable
The module steals an NT AUTHORITY\SYSTEM level token and spawns a meterpreter session with the stolen token.
The module uses the Reflective DLL Template in conjunction with the following PoC in order to exploit the following versions of Windows: Windows 10 20H2, Windows 10 21H2, Windows 11 21H2 and Windows Server 2022.
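A host-side check for the four builds named in the PR description, as an added example that is not part of the PR or the Metasploit module. It reads the build and update revision from the registry and confirms the CLFS driver file is present. The build-to-version mapping (19042, 19044, 22000, 20348) is an assumption based on public Windows release numbering; the module's own check method is not reproduced here.

```powershell
# Added example, not the module's check method. Maps the builds the PR says the
# module targets to their marketing names (assumed from public release numbering).
$targets = @{
    '19042' = 'Windows 10 20H2'
    '19044' = 'Windows 10 21H2'
    '22000' = 'Windows 11 21H2'
    '20348' = 'Windows Server 2022'   # the PR comment reports 20348.169 as tested
}

$cv    = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build = [string]$cv.CurrentBuild
$ubr   = [int]$cv.UBR                 # update build revision, i.e. the patch level
$name  = if ($cv.DisplayVersion) { $cv.DisplayVersion } else { $cv.ReleaseId }

Write-Host ("Host: {0} {1} (build {2}.{3})" -f $cv.ProductName, $name, $build, $ubr)

# The vulnerable component is the Common Log File System driver.
$clfs = Join-Path $env:SystemRoot 'System32\drivers\clfs.sys'
if (Test-Path $clfs) {
    $ver = (Get-Item $clfs).VersionInfo.FileVersion
    Write-Host "CLFS driver present: $clfs (file version $ver)"
} else {
    Write-Host "CLFS driver not found at $clfs"
}

if ($targets.ContainsKey($build)) {
    Write-Host ("Build {0} is {1}, one of the versions the module targets." -f $build, $targets[$build])
    # A matching build number says nothing about patch state; the UBR is what changes
    # when the fix is installed, so compare it against the patched revision for this build.
    Write-Host "Compare UBR $ubr against the revision that ships the CLFS fix before assuming the host is exploitable."
} else {
    Write-Host "Build $build is not one of the builds the module's check method accepts."
}
```

Run it in an elevated or standard PowerShell session on the target; the registry keys and driver path it reads are world-readable, so no special privilege is needed for the check itself.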