CVE-2021-41379

Windows MSI Installer LPE (CVE-2021-43883)

shakeitoff A smaller, minimized, and cleaner version of InstallerFileTakeOver aka the zero-day exploit that is a "variation" of CVE-2021-41379 (later assigned CVE-2021-43883) This version does not pop a shell like InstallerFileTakeOver The point of this code was to create a simpler proof of concept that more reliably demonstrates the file creation attack This proof

Disclaimer All of these tools were developed for use in the OSEP course During development of them, as I learned more, in many cases I went above and beyond what the course taught because I figured "Why not build things against latest patch AV?" That is not to say that all of the things in this repo are now beating Live Defender; however at one point or another, m

JustRepository Testing project Getting Started These are repository for tools and code I modify and compile for fun (?) Note that "use this for educational purposes only" Webshellphp simple webshell that protected with parameter Upload shell rename it with "pagebackupphp" Call it with your own parameter: examplecom/uploads/pagebackupphp?dxnboy=4

InstallerFileTakeOver Fixed as CVE-2021-43883 in December 2021 patch As some of you may notice, this also works in server installations While Group Policy by default doesn't allow standard users to do any msi operation, the administrative install feature seems to be completely bypassing group policy This variant was discovered during the analysis of CVE-2021-41379 patch

InstallerFileTakeOver For your notes, this works in every supporting windows installation Including Windows 11 and Server 2022 with November 2021 patch As some of you might notice, this also work in server installations While group policy by default doesn't allow standard users to do any msi operation The administrative install feature thing seems to be completely byp

Disclaimer All of these tools were developed for use in the OSEP course During development of them, as I learned more, in many cases I went above and beyond what the course taught because I figured "Why not build things against latest patch AV?" That is not to say that all of the things in this repo are now beating Live Defender; however at one point or another, m

InstallerFileTakeOver For your notes, this works in every supporting windows installation Including Windows 11 and Server 2022 with November 2021 patch As some of you might notice, this also work in server installations While group policy by default doesn't allow standard users to do any msi operation The administrative install feature thing seems to be completely byp