In one of my darker moments, I decided to install Hyper-V on my Windows 10 desktop. While looking into other issues on my system, I noticed that during system startup, vmms.exe, which is related to Hyper-V, was looking for a DLL in a directory I had added to my path. To test out if this…
All posts in exploit
Privilege Escalation and Persistence through Steam Install Scripts
Note: These issues were last tested with the Steam version shown below: After playing around looking for DLL side-loading issues in System32, I started looking around on my system outside of System32 for any interesting applications I had installed that could be leveraged. One application that immediately caught my eye was Steam, since its installation…
Privilege Escalation with Canon MX490 Printer Drivers
As part of my “research” I created a tool called “Get-Writable” that will search for .exe and .dll files that are world writable. You pass Get-Writable a directory path, and it will recursively look through every directory to find files. I had Get-Writable start at the “C:\” root to try and find all writable .exe’s…
ASX to MP3 Converter SEH Exploit
After completing my SLAE x86 certification, I wanted to begin my journey into exploit development. Several years ago, I had gone through the excellent exploit development tutorials provided by Corelan and FuzzySecurity. Since then, I have forgotten almost everything and wanted to start over and go through these tutorials again. In addition to Corelan and…