From bce3a2deb9cd4af85048082f9252c3547bfefe18 Mon Sep 17 00:00:00 2001 From: Grzegorz Tworek Date: Tue, 3 Dec 2019 20:33:48 +0100 Subject: [PATCH] Link updates --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 940d5f9..678416b 100644 --- a/README.md +++ b/README.md @@ -40,7 +40,7 @@ Feel free to contribute and/or discuss presented ideas. |`SeIncreaseBasePriority`| ? | ? | ? || |`SeIncreaseQuota`| ? | ? | ? || |`SeIncreaseWorkingSet`| ? | ? | ? || -|`SeLoadDriver`| ***Admin*** | 3rd party tool | 1. Load buggy kernel driver such as `szkg64.sys`
2. Exploit the driver vulnerability | 1. The `szkg64` vulnerability is listed as [CVE-2018-15732](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15732)
2. The example `szkg64` exploit code was created by [Parvez](https://www.greyhathacker.net/?p=1025) | +|`SeLoadDriver`| ***Admin*** | 3rd party tool | 1. Load buggy kernel driver such as `szkg64.sys`
2. Exploit the driver vulnerability | 1. The `szkg64` vulnerability is listed as [CVE-2018-15732](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15732)
2. The `szkg64` [exploit code](https://www.greyhathacker.net/?p=1025) was created by [Parvez Anwar](https://twitter.com/parvezghh) | |`SeLockMemory`| None | - | - | The privilege allows to mark memory pages to be paged (swapped) later than others. Additionally, it is verified when memory partitioning operations are performed. Of course, you can affect availability by taking too much memory (it is enough to open huge pic in mspaint) but it will have the same effect regardless locking pages or not. This permission does allow you to do anything you cannot achieve anyway. | |`SeMachineAccount`| None | - | - |The privilege is not used in the Windows OS. | |`SeManageVolume`| **Threat** | 3rd party tool | Create large file and manipulate the valid data length with [`SetFileValidData()`](https://docs.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-setfilevaliddata). Effectively the data from deleted files should be visible inside the file. |- Files smaller than ~700B fit entirely within MFT entries and will not expose the content with such method.
- It looks like the privilege allows to manipulate with mbr, which may lead to some availability issues. To be investigated. |
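Review bot: the rewritten `SeLoadDriver` row drops the word "example" from the old "The example `szkg64` exploit code was created by ..." and now reads "The `szkg64` [exploit code](...) was created by [Parvez Anwar](...)", which turns a reference to an example PoC into a statement about the exploit code for the driver in general; if the link still points to the same write-up (`https://www.greyhathacker.net/?p=1025`), consider keeping "example" so the cell does not overstate what the post contains, e.g. "The example `szkg64` [exploit code](https://www.greyhathacker.net/?p=1025) was created by [Parvez Anwar](https://twitter.com/parvezghh)". The author link now goes to a Twitter profile rather than the write-up; social profile links tend to rot, so it is worth saying in the commit message why the attribution target changed, since "Link updates" alone does not tell a reader whether the old link was broken or merely moved. One drive-by on the unchanged context line in this hunk: the `SeLockMemory` cell ends with "This permission does allow you to do anything you cannot achieve anyway.", which contradicts the "None" rating beside it and almost certainly wants "does not allow"; since the table row is already being touched, that one-word fix could ride along in this change.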