Catégorie : Packet Storm (Page 1 of 111)
On vulnerable versions of Windows the alpc endpoint method SchRpcSetSecurity implemented by the task scheduler service can be used to write arbitrary DACLs to .job files located in c:windowstasks because the scheduler does not use impersonation when checking this location. Since users can create files in the c:windowstasks folder, a hardlink can be created to a file the user has read access to. After creating a hardlink, the vulnerability can be triggered to set the DACL on the linked file. WARNING: The PrintConfig.dll (%windir%system32driverstorfilerepositoryprnms003*) on the target host will be overwritten when the exploit runs. This Metasploit module has been tested against Windows 10 Pro x64.
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
Source: Faraday 3.1