MSIFortune - Local Privilege Escalation with MSI Installers | General Hacking | Crax

Welcome To Crax.Pro Forum!

Check our new Marketplace at Crax.Shop

   Login! SignUp Now!

  • We are in solidarity with our brothers and sisters in Palestine. Free Palestine. To learn more visit this Page

  • Crax.Pro domain has been taken down!

    Alternatives: Craxpro.io | Craxpro.com

MSIFortune - Local Privilege Escalation with MSI Installers

MSIFortune - Local Privilege Escalation with MSI Installers

coolrebell
LV
1
 

coolrebell

Member
Joined
Dec 17, 2023
Threads
10
Likes
4
Awards
4
Credits
793©
Cash
0$
MSIFortune - Local Privilege Escalation with MSI Installers

The repair function often triggers CustomActions, which can lead to several potential issues:

— Visible conhost.exe via a cmd.exe or other console binaries
— Visible PowerShell
— Directly actions from the installer with SYSTEM privileges
— Executing binaries from user writable paths
— DLL sideloading / search path abusing
— Missing PowerShell parameters, mostly -NoProfile
— Execution of other tools in an unsafe manner

Details:

MSIFortune - LPE with MSI Installers

MSIFortune - LPE with MSI Installers or MSI - Might (be) stupid idea MSI installers are still pretty alive today. It is a lesser known feature, that a low privileged user can start the repair function of an installation which will run with SYSTEM privileges. What could go wrong? Quite a lot!
badoption.eu
Click to read more...
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Register

Log in

Already have an account? Log in here.

Similar threads

kbf2004
    • Windows Local Privilege Escalation Mastery – Red Team
    0
    82
    kbf2004
    kbf2004
    tensaiD
    • RED TEAM Operator: Privilege Escalation in Windows Course
    0
    81
    tensaiD
    tensaiD
    abdelhadi22
    • privilege-escalation-with-dirty-pipe-vulnerability
    0
    72
    abdelhadi22
    abdelhadi22
    mayoufi
    • Pentesting AWS with Pacu, CloudGoat, and ChatGPT
    0
    108
    mayoufi
    mayoufi
    karan4321
    • Course/Tutorial CEH V 12 EXAM LEAK - 2
    3
    233
    sdfsinik
    sdfsinik
    karan4321
    • CEH V 12 EXAM DUMP -1
    0
    410
    karan4321
    karan4321
    karan4321
    • Course/Tutorial CEH V 12 EXAM DUMPs-4
    0
    248
    karan4321
    karan4321
    Prudent777
    • Cyber security interview questions and answers
    0
    78
    Prudent777
    Prudent777
    hilltimoth
    • Private Learn Vulnerability Analysis in Kali Linux with SysGod!!
    2
    91
    smuthy
    smuthy
    itsebm
    • Multi/Others LockBit Black Builder 3.0 Analysis
    2
    575
    Adom2.0
    Adom2.0
    • Top Bottom
    Tools : Download Tools from our Resources.
    Configs : Download Configs[ob/ob2/svb/cyb/anom].
    Memes : Bored? Lets have some Memes (⁠◠⁠‿⁠◕⁠)
    Crax.Tube : 1st LEARN... Then remove the "L".
    NSFW : I stay away from the internet as much
                                               as I can. Except for PORN.
    Upgrade : Just £15 to access everything NOW!
    Earn : Low on Money?Start Earning from Crax Now!
    Crax.Shop : Buy/Sell without getting Scammed 💯