CVE-2021-43883

Windows MSI Installer LPE (CVE-2021-43883)

shakeitoff A smaller, minimized, and cleaner version of InstallerFileTakeOver aka the zero-day exploit that is a "variation" of CVE-2021-41379 (later assigned CVE-2021-43883) This version does not pop a shell like InstallerFileTakeOver The point of this code was to create a simpler proof of concept that more reliably demonstrates the file creation attack This proof

Disclaimer All of these tools were developed for use in the OSEP course During development of them, as I learned more, in many cases I went above and beyond what the course taught because I figured "Why not build things against latest patch AV?" That is not to say that all of the things in this repo are now beating Live Defender; however at one point or another, m

InstallerFileTakeOver Fixed as CVE-2021-43883 in December 2021 patch As some of you may notice, this also works in server installations While Group Policy by default doesn't allow standard users to do any msi operation, the administrative install feature seems to be completely bypassing group policy This variant was discovered during the analysis of CVE-2021-41379 patch

Disclaimer All of these tools were developed for use in the OSEP course During development of them, as I learned more, in many cases I went above and beyond what the course taught because I figured "Why not build things against latest patch AV?" That is not to say that all of the things in this repo are now beating Live Defender; however at one point or another, m

Usefull escalation of privilege Windows

usefull-elevation-of-privilege English | 中文简体 Category instruction Author 0x727 Team 0x727 Open source tools will continue for some time to come Position This is used to store information about Windows privilege escalation exploits Language C++、C# Windows Elevation of Privilege CVE Verified Exploit Comment CVE-2021-1675 true CVE-2021-1675 ⚡