Zero Day Initiative - Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 2
Briefly

When the handle is opened with delete permissions, nothing prevents it from following any links a standard user could create, allowing for potential privilege escalation to NT AUTHORITY\SYSTEM.
Using file attribute changes as an indicator, an exploit can be timed to follow a link and delete a target directory, leveraging ESET's handling process to escalate privileges.
Creating a symbolic link at the right time, leveraging file attribute changes, is crucial to the success of the exploit, offering insight into when the target directory will be deleted by ekrn.exe.
Standard Windows users may lack the SeCreateSymbolicLinkPrivilege needed to create symbolic links directly, highlighting a potential limitation for the exploit.
Read at Zero Day Initiative