Finally the shell pops! Found arb dir deletion vuln, coupled with previous method everything lines up and i see attached pic. I need a break from exploitaiton soon- and deserve it.pic.twitter.com/4LF8BNeRDn
Show this thread
-
arb dir create bug to system shell via Narrator.exe.Local . and it pop up shell in logon UI.pic.twitter.com/RU00lhm4GB
Yes, I made that exploitation route public like 1 month ago here on twitter. It was especially usefull for my lock screen/bit locker bypass exploit. Route from arb dir delete -> arb dir create with permissive write is not going public yet.
-
-
yes bro, we can lockscreen bypass using arb dir create bug via sub-processes of logonui.exe. When we go to lockscreen and then logonui.exe runas system and when we click such as narrator, magnifier, ...etc which from ease of access are also run as SYSTEM.
-
I was referring to https://twitter.com/i/status/1240917568870731776 … where i made narrator.exe.local route public. I initially first used it for my lock screen bypass exploit where i bypass lock screen without any credentials from powered off state.
- Show replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.