delete2SYSTEM icon indicating copy to clipboard operation
delete2SYSTEM copied to clipboard

verified publisher icon sailay1996

Metadata

Weaponizing for Arbitrary Files/Directories Delete bugs to Get NT AUTHORITY\SYSTEM

Delete2SYSTEM

Weaponizing for Arbitrary Files/Directories Delete bugs to Get NT AUTHORITY\SYSTEM

Short Description:

I just combined @jonasLyk's technique https://secret.club/2020/04/23/directory-deletion-shell.html and one of technique from this article https://0x00sec.org/t/windows-defender-av-zero-day-vulnerability/22258 which using windows media player (service and folder).

Read Me:

In order to work this technique, you must to delete the 2 folders which are C:\ProgramData\Microsoft\Windows\WER\* and C:\Program Files (x86)\Windows Media Player with Arbitrary Files/Directories Delete bugs such as CVE-2020-1170, CVE-2020-1571, etc ...

Note:

NtApiDotNet.dll from James Forshaw.

test1

Thanks to: @jonasLyk and other who research awesome things

Code Browsed from:

https://github.com/sailay1996/RpcSsImpersonator

Metadata

115
Stars
30
Forks
Watchers

Owner

verified publisher icon sailay1996

Metadata

Weaponizing for Arbitrary Files/Directories Delete bugs to Get NT AUTHORITY\SYSTEM

Back