Faxhell - A Bind Shell Using The Fax Service And A DLL Hijack

A Proof-of-Concept bind shell using the Fax service and a DLL hijack based on Ualapi.dll. See our writeup at: https://windows-internals.com/faxing-your-way-to-system/ How to use Build Ualapi.dll and place in c:\windows\system32 Start the Fax service, which will load the DLL and call the export...

CVE-2017-0199: In the Wild Attacks Leveraging HTA Handler

FireEye recently detected malicious Microsoft Office RTF documents that leverage CVE-2017-0199, a previously undisclosed vulnerability. This vulnerability allows a malicious actor to download and execute a Visual Basic script containing PowerShell commands when a user opens a document containing ...

CVE-2017-0199: In the Wild Attacks Leveraging HTA Handler

FireEye recently detected malicious Microsoft Office RTF documents that leverage CVE-2017-0199, a previously undisclosed vulnerability. This vulnerability allows a malicious actor to download and execute a Visual Basic script containing PowerShell commands when a user opens a document containing ...

Microsoft Windows - ACLs Privilege Escalation (2)

Microsoft Windows - ACLs Privilege Escalation 2 / Privilege Scalation for Windows Networks using weak Service restrictions v2.0 c 2006 Andres Tarasco Acuña atarasco at gmail.com Date: February 6, 2006 - http://www.haxorcitos.com http://microsoft.com/technet/security/advisory/914457.mspx...

MS Windows Services ACLs Local Privilege Escalation Exploit (updated)

Exploit for unknown platform in category local exploits ===================================================================== MS Windows Services ACLs Local Privilege Escalation Exploit updated ===================================================================== / Privilege Scalation for Windows...