rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/
Other
34.08k stars 13.96k forks source link

Add CVE-2024-21338 post module #19364

Open dledda-r7 opened 2 months ago

dledda-r7 commented 2 months ago

Summary

Crowdefense recently shared a PoC for a LPE in Windows.

Resources: https://www.crowdfense.com/windows-applocker-driver-lpe-vulnerability-cve-2024-21338/ https://nvd.nist.gov/vuln/detail/CVE-2024-21338

3V3RYONE commented 2 months ago

Hello :wave:

Want to pick this one up. Please assign it to me..

dledda-r7 commented 1 month ago

Hello @3V3RYONE, did you had the chance to work on that?

3V3RYONE commented 1 month ago

Hi @dledda-r7 , I was able to use the exploit in a target system. Right now, understanding how to put a module in Metasploit for this. Will ask in Slack. Thanks for checking upon!

Apologies for the delay, please feel free to let me know if this is needed urgently.

dledda-r7 commented 1 month ago

Hello @3V3RYONE, no worries, there is no rush. I just wanted to know if you were working on that or not, otherwise I could spend some time next week. Happy to see you had good progress!