Windows Escalate UAC Protection Bypass Via Dot Net Profiler

Posted by deepcore on November 20, 2019 – 3:21 pm

Microsoft Windows allows for the automatic loading of a profiling COM object during the launch of a CLR process based on certain environment variables ostensibly to monitor execution. In this case, the authors abuse the profiler by pointing to a payload DLL that will be launched as the profiling thread. This thread will run at the permission level of the calling process, so an auto-elevating process will launch the DLL with elevated permissions. In this case, they use gpedit.msc as the auto-elevated CLR process, but others would work, too.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« [local] Xorg X11 Server – Local Privilege Escalation (Metasploit) scadaApp For iOS 1.1.4.0 Denial Of Service »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Windows Escalate UAC Protection Bypass Via Dot Net Profiler

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL