Exploit Microsoft Windows NT 4.0 - Recycle Bin Pre-created Folder

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
19739
Проверка EDB
  1. Пройдено
Автор
ARNE VIDSTRON & NOBUO MIWA
Тип уязвимости
LOCAL
Платформа
WINDOWS
CVE
cve-2000-0121
Дата публикации
2000-02-01
Microsoft Windows NT 4.0 - Recycle Bin Pre-created Folder
Код:
Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4/SP5/SP6 Recycle Bin Pre-created Folder Vulnerability

source: https://www.securityfocus.com/bid/963/info


When an NT user uses the Recycle Bin for the first time on a given partition, a folder is created in the \Recycler folder on that partition with the name of the new folder set to the user's SID. When this happens, appropriate permissions are set to prevent other users from accessing files in that folder. However, if that folder does not yet exist, a local attacker can create it, set arbitrary permissions, and then later access any files deleted by the user. The files themselves will retain their original permissions, but if the attacker gives him/herself Full Access to the user's Recycler folder they can overwrite files with arbitrary content.

This vulnerability only applies to NTFS partitions, as there is no local access control on any files on a FAT partition. 

This exploit will create a range of folders in th e\Recyycler folder of the selected partition, with names based on projected SID numbers erived from the user's own SID.

Usage: RecyclerSnooper #_of_folders driveletter
Example: RecyclerSnooper 200 C 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/19739.exe
 
Источник
www.exploit-db.com

Похожие темы