An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege...

An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege Vulnerability'. This vulnerability, with a score of 7.8[1], is enabled through the Junction Directory time-of-check to time-of-use (TOCTOU) where the dummy junction folder can be created with a User level privilege, deleted, and later be accessed on behalf of NT AUTHORITY\SYSTEM, providing access to the System32 folder. Plan to Demonstrate We plan to demonstrate this CVE by creating a virtual environment using Oracle’s VM VirtualBox and installing a Windows 8 or 10 virtual machine in it. We are planning to demonstrate the vulnerability CVE 2020-1337 by logging on to the target machine as a non-privileged user, using windows powershell and running the exploit script, which will add a Local Printing Port by using TOCTOU to achieve admin privilege to access the System files. Once we have achieved the privileged rights, we will be able to access the target’s data and also perform read/write/execute commands on the target’s platform


ICT287 – Assignment 2 Topic Proposal Vulnerability: CVE-2020-1337 (Windows Print Spooler Elevation of Privilege Vulnerability) Description An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege Vulnerability'. This vulnerability, with a score of 7.8[1], is enabled through the Junction Directory time-of-check to time-of-use (TOCTOU) where the dummy junction folder can be created with a User level privilege, deleted, and later be accessed on behalf of NT AUTHORITY\SYSTEM, providing access to the System32 folder. Plan to Demonstrate We plan to demonstrate this CVE by creating a virtual environment using Oracle’s VM VirtualBox and installing a Windows 8 or 10 virtual machine in it. We are planning to demonstrate the vulnerability CVE 2020-1337 by logging on to the target machine as a non-privileged user, using windows powershell and running the exploit script, which will add a Local Printing Port by using TOCTOU to achieve admin privilege to access the System files. Once we have achieved the privileged rights, we will be able to access the target’s data and also perform read/write/execute commands on the target’s platform. [1] https://nvd.nist.gov/vuln/detail/CVE-2020-1337#match-5864130This study source was downloaded by 100000823508195 from CourseHero.com on 06-06-2021 07:51:47 GMT -05:00 https://www.coursehero.com/file/79316513/ICT287-Assignment-2-Proposaldocx/ Th is stu dy re so ur ce w as sh are d v ia Co ur se He ro .co m Powered by TCPDF (www.tcpdf.org) https://www.coursehero.com/file/79316513/ICT287-Assignment-2-Proposaldocx/ http://www.tcpdf.org