HiveNightmare Exploitation


Introduction

CVE-2021-36934, also known as SeriousSAM and HiveNightmare, was disclosed by Jonas Lykkegaard in July 2021. Because of an ACL misconfiguration in Windows 10 from version 1809 onward and in Windows 11, non-administrative users (BUILTIN\Users) are granted read access to the SAM, SYSTEM and SECURITY hive files under %windir%\system32\config. The live files cannot simply be copied, because the kernel keeps them open and locked, so exploitation additionally requires System Protection to be enabled and at least one volume shadow copy (restore point) to exist: the copies of the hives inside the shadow copy carry the same permissive ACL and can be read with an ordinary user token. The name 'HiveNightmare' comes from 'hives', the name for the files in which registry data is stored.

Table of Contents

  • System protection and creating restore points
  • Exploitation Method 1: HiveNightmare.exe (C++ exploit)
  • Exploitation Method 2: serioussam.ps1 (PowerShell exploit)
  • Exploitation Method 3: hive.exe (Go exploit)
  • Privilege Escalation
  • Conclusion and Mitigation
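The conditions described in the introduction, together with the mitigation the last section of the table of contents points to, as an added example that is not code from the original article or from any of the three exploits it lists. The script probes the hive files the way the exploits do (a Win32 read-open) instead of copying them, uses the resulting error code to tell an ACL refusal apart from a mere file lock, and then walks the shadow copy device names that a standard user can reach without vssadmin. `$MaxShadowIndex`, the `HiveProbe` type and the `Test-HiveRead` function are this example's own names; the `icacls ... /inheritance:e` command is Microsoft's published workaround for this CVE.

```powershell
<#
  Added example, not from the original article or its exploits: an unprivileged exposure
  check for CVE-2021-36934 followed by Microsoft's published workaround. Assumptions not
  stated on the page: shadow copy devices are probed by name up to $MaxShadowIndex, and
  the icacls command is the workaround from Microsoft's advisory for this CVE.
#>
[CmdletBinding()]
param(
    [switch]$Remediate,        # re-enable ACL inheritance on the config directory (elevated shell)
    [int]$MaxShadowIndex = 16  # assumed upper bound on HarddiskVolumeShadowCopyN names to probe
)

# Thin CreateFileW wrapper: the PowerShell file provider cannot open \\?\GLOBALROOT\Device\...
# paths, and we want the exact Win32 error code, which says why an open failed.
Add-Type -TypeDefinition @'
using System;
using System.Runtime.InteropServices;
public static class HiveProbe {
    [DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    public static extern IntPtr CreateFileW(string path, uint access, uint share,
        IntPtr sa, uint disposition, uint flags, IntPtr template);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool CloseHandle(IntPtr handle);
}
'@

function Test-HiveRead {
    # Classifies a read-open of $Path: READABLE, LOCKED (DACL allowed it but the kernel
    # holds the file), DENIED (DACL blocked it) or MISSING (no such file or device).
    param([string]$Path)
    $GENERIC_READ  = [uint32]2147483648   # 0x80000000
    $SHARE_ALL     = [uint32]7            # FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE
    $OPEN_EXISTING = [uint32]3
    $h   = [HiveProbe]::CreateFileW($Path, $GENERIC_READ, $SHARE_ALL, [IntPtr]::Zero, $OPEN_EXISTING, 0, [IntPtr]::Zero)
    $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()   # capture before anything else runs
    if ($h.ToInt64() -ne -1) { [void][HiveProbe]::CloseHandle($h); return 'READABLE' }
    switch ($err) {
        2       { 'MISSING' }   # ERROR_FILE_NOT_FOUND
        3       { 'MISSING' }   # ERROR_PATH_NOT_FOUND: that shadow copy device does not exist
        5       { 'DENIED'  }   # ERROR_ACCESS_DENIED: the DACL did its job
        32      { 'LOCKED'  }   # ERROR_SHARING_VIOLATION: access check passed, file is in use
        default { 'DENIED'  }
    }
}

$me      = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin = $me.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
if ($isAdmin) { Write-Warning "Running elevated: LOCKED/READABLE results prove nothing here. Re-run the check as a standard user." }

$config   = Join-Path $env:windir 'System32\config'
$winRel   = $env:windir.Substring(2)          # e.g. '\Windows', reused inside the shadow copy
$hives    = 'SAM', 'SYSTEM', 'SECURITY'
$aclBad   = $false
$readable = @()

Write-Host "== Live hives in $config =="
foreach ($name in $hives) {
    $state = Test-HiveRead (Join-Path $config $name)
    # LOCKED is the tell: the open got past the DACL and only failed because the kernel
    # holds the hive. On a patched system a standard user sees DENIED instead.
    if ($state -in 'LOCKED', 'READABLE') { $aclBad = $true }
    Write-Host ("  {0,-9} {1}" -f $name, $state)
}

Write-Host "== Shadow copies (probed by device name; vssadmin list shadows needs admin) =="
for ($i = 1; $i -le $MaxShadowIndex; $i++) {
    $dev   = "\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy$i"
    $state = Test-HiveRead "$dev$winRel\System32\config\SAM"
    if ($state -eq 'MISSING') { continue }   # no such device, or a copy of another volume
    Write-Host ("  {0} : SAM {1}" -f $dev, $state)
    if ($state -eq 'READABLE') { $readable += $dev }
}

if ($aclBad -and $readable.Count -gt 0) {
    Write-Warning ("VULNERABLE: hive DACLs grant this user read access and {0} shadow copy(ies) expose SAM: {1}" -f $readable.Count, ($readable -join ', '))
} elseif ($aclBad) {
    Write-Warning "Hive DACLs are wrong but no readable shadow copy exists yet; the next restore point makes this exploitable."
} else {
    Write-Host "Hive DACLs deny this user read access; CVE-2021-36934 does not apply to this account."
}

if ($Remediate) {
    if (-not $isAdmin) { throw "-Remediate needs an elevated shell." }
    # Microsoft's documented workaround: re-enable inheritance so the hive files pick up the
    # directory's restrictive DACL again. Existing shadow copies still carry the old copies and
    # must be deleted separately (vssadmin delete shadows), which also removes restore points,
    # so that destructive step is deliberately left to the operator.
    & icacls.exe "$config\*.*" /inheritance:e
}
```

Saved under a name of your choosing (say `Check-HiveNightmare.ps1`, a hypothetical file name), run it once from a standard-user shell to get the verdict, then from an elevated shell with `-Remediate` to apply the ACL fix. Reading the Win32 error instead of just testing for success is the point of the `LOCKED` state: it lets a non-admin confirm the bad DACL on the live hives even on a machine that has no shadow copy yet.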

To read the full article, check the post here

Maxwell Ferreira

Cyber Security Analyst | Cyber Security Engineer | Penetration Tester | Red Team | Ethical Hacking | Vulnerability Assessment

2 months

Harshit, thanks for sharing!

