Skip to content
This repository has been archived by the owner on Jun 18, 2021. It is now read-only.

Privesc through import of Sheduled tasks + Hardlinks - CVE-2019-1069

License

Notifications You must be signed in to change notification settings

S3cur3Th1sSh1t/SharpPolarBear

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

SharpPolarBear

This is a weaponized version for one of the Exploits published by SandboxEscaper from here (https://github.com/SandboxEscaper/polarbearrepo).

Most of the code comes from rasta-mouse CollectorService repository (https://github.com/rasta-mouse/CollectorService). I just changed the CVE-2019-0841-Code from the original SandboxEscaper C++ Code to C# and added some checks.

I have also added the required binaries (schtasks.exe, schedsvc.dll + an exported Windows XP Job File), which are unpacked during runtime and deleted afterwards. So you just need one binary here.

Windows Defender seams to have a heuristic detection for Applications creating a hardlink from C:\windows\system32\tasks to a file in C:\windows\system32. So with Defender this executable is most likely blocked/detected.

You have to run the executable twice to get a system shell.

Legal disclaimer:

Usage of SharpPolarBear for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program. Only use for educational / pentesting purposes.

About

Privesc through import of Sheduled tasks + Hardlinks - CVE-2019-1069

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages