CVE-2024-26229 PoC — Windows CSC Service Elevation of Privilege Vulnerability

Source

https://github.com/shinspace92/cve-2024-26229

Associated Vulnerability

Title:Windows CSC Service Elevation of Privilege Vulnerability (CVE-2024-26229)
Description:Windows CSC Service Elevation of Privilege Vulnerability

Description

Nim touch up of CVE 2024 26229

Readme

# cve-2024-26229
A nim version of the (now outdated) Windows LPE vulnerability abusing CSC. 
This is for educational purposes only, and refer to the patch list to determine whether or not your system/your target is vulnerable.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26229 

# Usage
### Compilation
```
# Make sure you have the necessary nim libraries installed
# This will create a main.exe
nim c --app=console --cpu=amd64 --os=windows -d:release --gc:arc --passL:-s main.nim
```

### What Actually Gets Executed
The template uses powershell to execute a base64 encoded script block. Host your payload on a web server (or utilize the file hosting mechanism available on most C2 platforms), base64 encode the download string and simply replace the ###Your base64 delivery here### with the base64 encoded string.

# Indicators of Compromise
### Host-Based Analysis
To be updated

### Network-Based Analysis
To be updated

File Snapshot


 [4.0K]  /data/pocs/db0e351b3bec657e9057f7cd86eacf8cec675dc7
├── [180K]  main.exe
├── [8.3K]  main.nim
└── [ 942]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!