Server Service Authentication Coerce Vulnerability
This is the git repository for the PoC of the srvsvc auth coerce vulnerability (CVE-2022-30216).
More details in our blog post.
Compiling
- Open the .sln project with Visual Studio and edit the pszHost to hold the IP/hostname of the target. cert.StoreName and cert.StoreLocation variables should contain the IP/hostname of the relaying machine.
- Compile the project. srvsvc_vuln.exe will be created. This file should be run from the attacker's machine.
Requirements
- The attacker should be in the same domain as the target.
- The target should be an unpatched Windows 11 or Windows Server 2022 machine.