Skip to content
/ SystemCopy Public

Copy files as 'nt authority\system' from low privileged account

2 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

lnv42/SystemCopy

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
Release
Release
 
 
README.md
README.md
 
 
SystemCopy.vcxproj
SystemCopy.vcxproj
 
 
hardlink.cpp
hardlink.cpp
 
 
main.cpp
main.cpp
 
 
ntimports.h
ntimports.h
 
 
rpc.idl
rpc.idl
 
 
stdafx.h
stdafx.h
 
 
typed_buffer.h
typed_buffer.h
 
 

Repository files navigation

SystemCopy

Copy files as 'nt authority\system' from low privileged account.

This tool exploits this vulnerability https://www.kb.cert.org/vuls/id/906424 and is adapted from this PoC https://github.com/SandboxEscaper/randomrepo/blob/master/PoC-LPE.rar

This tool allows any user to write content of any file that your user can read and the 'nt authority\system' user can write. This tool was successfully tested on :

  • Windows 10 x64/x32
  • Windows 8.1 x64/x32
  • Windows 7 x64/x32

It may work on other versions including Windows Server

usage

SystemCopy.exe srcFile dstFile # srcFile content will be copied into dstFile.

WARNING : The tool leaves the dstFile world writable!

About

Copy files as 'nt authority\system' from low privileged account

Resources

Readme
Activity

Stars

2 stars

Watchers

2 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages