- SandboxEscaper (@SandboxBear)
- C:\config.msi, if created by Windows Installer, a reg key is made that is used as a security check. If you prevent that reg key from being deleted at cleanup and create that folder as user, you got an LPE. No junctions needed to abuse config.msi/rollback scripts btw.
- 11:58 AM · Dec 22, 2020·Twitter for Android
- 10 Retweets, 48 Likes
- SandboxEscaper (@SandboxBear) · 1h · Replying to @SandboxBear
- I couldn't convince folks that this is a security issue. So whatever.
- ⛧ɉªɳ ҎʘΰⱠᶊᶓא⛧ (@Jan0fficial) · 1h · Replying to @SandboxBear
- So if you pack malware as .msi installer and spoof creator.. you could probably do all kinds of crazy shit
- SandboxEscaper (@SandboxBear) · 1h
- No, this is about hijacking rollback scripts. Run the /fa (repair flag) on installers in c:/windows/installer and check procmon. You will see config.msi. You can take control of this folder and provide fake rollback scripts, doing malicious actions.
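
A defender-side check for the condition the thread describes (a C:\Config.msi folder created by a normal user), as an added example that is not part of the original paste or the tweets. It assumes only SYSTEM and Administrators should own or hold write access on the folder; the function name `Test-ConfigMsiFolder` is hypothetical. Run it elevated so the ACL can be read.

```powershell
# Added example (not from the thread): audit ownership and ACL of C:\Config.msi.
# Assumption: only these principals should own or be able to write to the folder.
$TrustedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544'   # BUILTIN\Administrators
)

function Test-ConfigMsiFolder {
    param([string]$Path = 'C:\Config.msi')

    $findings = @()
    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        # Folder is normally absent when no installation is in progress.
        return [pscustomobject]@{ Path = $Path; Exists = $false; Findings = $findings }
    }

    $acl    = Get-Acl -LiteralPath $Path
    $sidTyp = [System.Security.Principal.SecurityIdentifier]

    # A folder created "as user" is owned by that user.
    $ownerSid = $acl.GetOwner($sidTyp).Value
    if ($ownerSid -notin $TrustedSids) {
        $findings += "Owner $($acl.Owner) ($ownerSid) is not SYSTEM/Administrators"
    }

    # Rights that let a principal plant, replace or re-permission files here.
    $writeMask = [int][System.Security.AccessControl.FileSystemRights]`
        'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

    foreach ($ace in $acl.GetAccessRules($true, $true, $sidTyp)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Inherit-only ACEs do not apply to the folder itself.
        if (([int]$ace.PropagationFlags -band [int]$inheritOnly) -ne 0) { continue }
        if ($ace.IdentityReference.Value -in $TrustedSids) { continue }
        if (([int]$ace.FileSystemRights -band $writeMask) -ne 0) {
            $findings += "$($ace.IdentityReference.Value) has write-type rights: $($ace.FileSystemRights)"
        }
    }

    [pscustomobject]@{ Path = $Path; Exists = $true; Findings = $findings }
}

$result = Test-ConfigMsiFolder
if ($result.Findings.Count -gt 0) { $result.Findings | ForEach-Object { Write-Warning $_ } }
else { Write-Output "$($result.Path): exists=$($result.Exists), no findings" }
```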