Skip to content

sonsu/slui-file-handler-hijack-privilege-escalation

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
SluiFileHandlerHijackLPE
SluiFileHandlerHijackLPE
 
 
.gitignore
.gitignore
 
 
LICENSE.md
LICENSE.md
 
 
README.md
README.md
 
 
SluiFileHandlerHijackLPE.sln
SluiFileHandlerHijackLPE.sln
 
 

Repository files navigation

Slui File Handler Hijack LPE

Exploit Information
Date 15.01.2018
Patched -
exploit-db 44830
Tested on Windows 8-10, x86/x64 independent

Description

slui.exe is an auto-elevated binary that is vulnerable to file handler hijacking.

Read access to HKCU\Software\Classes\exefile\shell\open is performed upon execution. Due to the registry key being accessible from user mode, an arbitrary executable file can be injected.

This exploit is generally independent from programming language and bitness, as no DLL injection or privileged file copy is needed. In addition, if default system binaries suffice, file drops can be avoided altogether.

Expected Result

When everything worked correctly, a cmd.exe should be spawned with high IL.

Downloads

Compiled binaries:

SluiFileHandlerHijackLPE.zip (ZIP Password: bytecode77)

Project Page

bytecode77.com/slui-file-handler-hijack-privilege-escalation

About

Slui File Handler Hijack UAC Bypass Local Privilege Escalation

bytecode77.com/hacking/exploits/uac-bypass/slui-file-handler-hijack-privilege-escalation

Resources

Readme

License

BSD-2-Clause license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • C++ 100.0%