Server Service Authentication Coerce Vulnerability

This is the git repository for the PoC of the srvsvc auth coerce vulnerability (CVE-2022-30216).

More details in our blog post.

Compiling

1. Open the .sln project with Visual Studio and edit the pszHost to hold the IP/hostname of the target.
2. cert.StoreName and cert.StoreLocation variables should contain the IP/hostname of the relaying machine.
3. Compile the project. srvsvc_vuln.exe will be created. This file should be run from the attacker's machine.

Requirements

1. The attacker should be in the same domain as the target.
2. The target should have an unpatched Windows 11 or Windows Server 2022 machine.