CVE-2020-0668

Use CVE-2020-0668 to perform an arbitrary privileged file move operation.

CVE-2020-0668 Use CVE-2020-0668 to perform an arbitrary privileged file move operation Use githubcom/itm4n/UsoDllLoader (Windows >= 1903) OR githubcom/xct/diaghub (Windows < 1903) for privilege escalation Demo Links & Resources itm4ngithubio/cve-2020-0668-windows-service-tracing-eop/ itm4ngithubio/usodllloader-part

CVE-2020-0668

CVE-2020-0668 powershell 实现，利用printconfigdll来提权 evil dll可以自己定义，我这里的dll会执行c:\programdata\setupbat文件 Reference: portalmsrcmicrosoftcom/en-US/security-guidance/advisory/CVE-2020-0668 itm4ngithubio/cve-2020-0668-windows-service-tracing-eop TODO： ​ 1利用RASPLAP服务提权 githubcom/NotGlop/SysEx

CVE-2020-0668 Ref: githubcom/RedCursorSecurityConsulting/CVE-2020-0668

Make CVE-2020-0668 exploit work for version < win10 v1903 and version >= win10 v1903

CVE-2020-0668 Make CVE-2020-0668 exploit work for version &lt; win10 v1903 and version &gt;= win10 v1903 Diaghub Exploit (&lt; v1903) powershell exploit works on version &lt; win10 v1903 with Diaghub Usage STEP 1：generate evildll with msfvenom example add a user ： msfvenom -p windows/x64/exec CMD="net user test test /add" -f dll &gt; evil

CVE-2023-29343 This is PoC for arbitrary file write bug in Sysmon version 1414 After last patch Sysmon would check if Archive directory exists and if it exists it would check if archive directory is owned by NT AUTHORITY\SYSTEM and access is only granted to NT AUTHORITY\SYSTEM If both conditions are true then Sysmon will write/delete files in that directory As its not possi

CVE-2020-0668 Ref: githubcom/RedCursorSecurityConsulting/CVE-2020-0668

Some binaries/scripts that may be useful in red team/pentest exercises

Red Team Arsenal Some binaries/scripts that may be useful in red team/pentest exercises Most of the stuff here is far from fancy or the best solution possible, sorry :( they just do the job and might come in handy for you in some way adduserbyimpersonationcpp: A modified version of sensepost's impersonate to only impersonate a token and add a new local admin/domain

Some of the tools needed for a red team engagement.

ITSec-toolkit Some of the tools needed for a red team engagement What is this mess? This is a list of precompiled tools needed for penetration testing This is mean to make it easy to pull the whole thing to a VM and start hacking away Other very useful repos githubcom/Kevin-Robertson/Inveigh githubcom/ParrotSec/mimikatz githubcom/PowerShellMafia/