Skip to content

bytecode77/slui-file-handler-hijack-privilege-escalation

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Slui File Handler Hijack LPE

Exploit Information
Date 15.01.2018
Patched Windows 10 20H1 (19041)
exploit-db 44830
Tested on Windows 8-10, x86/x64 independent

Description

slui.exe is an auto-elevated binary that is vulnerable to file handler hijacking.

Read access to HKCU\Software\Classes\exefile\shell\open is performed upon execution. Due to the registry key being accessible from user mode, an arbitrary executable file can be injected.

This exploit is generally independent from programming language and bitness, as no DLL injection or privileged file copy is needed. In addition, if default system binaries suffice, file drops can be avoided altogether.

Expected Result

When everything worked correctly, a cmd.exe should be spawned with high IL.

Downloads

Compiled binaries:

SluiFileHandlerHijackLPE.zip (ZIP Password: bytecode77)

Project Page

bytecode77.com/slui-file-handler-hijack-privilege-escalation

Releases

No releases published

Packages

No packages published

Languages