PoC details: 35dfade55d58b9543b5f87e2ed105b3e217d3873

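Source
Related vulnerability
Title: Intel Killer Control Center security vulnerability (CVE-2021-26258)
Description: Intel Killer Control Center is a program from Intel (USA) that inspects applications and sets priorities so that speed-sensitive applications get priority access to bandwidth. Intel Killer Control Center software versions before 2.4.3337.0 contain a security vulnerability that an authenticated user can exploit to escalate privileges.
Description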
Files and tools for CVE-2021-26258
Introduction
This repo contains tools and supplementary files for the CVE-2021-26258 PoC. See the [blog post](https://zwclose.github.io/2022/12/18/killer1.html) for details of the vuln.

**List of files**:
* rn.stg.original: original .stg file that comes with Intel Killer
* rn.xml.original: .xml file extracted from rn.stg.original by using rnstg-tool
* rn_custom.xml: custom .xml file that disables network access for Discord.exe and starts RemoteRegistry service
* rn_custom.stg: custom .stg file derived from rn_custom.xml by using rnstg-tool
* WebSrv.py: tiny web server written in Python3 for simulating a person-in-the-middle attack. The server just replies to all HTTP requests with the rn_custom.stg file located in the same directory as the server
* rnstg-tool: source files of the tool for packing and unpacking Killer storage files. The tool has two commands: the "unpack" command extracts the rn.xml stream from the input file passed as the first argument, decrypts it and stores the decrypted XML in the output file given as the second argument. Similarly, the packing command takes an XML file as input, encrypts it and stores the encrypted content in the .stg file passed as the second argument. The storage file can then be fed to Killer via its update mechanism. The tool is simplistic: it doesn't verify input and output files, so do not confuse commands and their arguments!

To run the demo, add the following line to the hosts file: "127.0.0.1 www.killernetworking.com", put rn_custom.stg in the same directory as WebSrv.py and run the script. Next, go to the Killer UI, navigate to the Settings tab and click the "Download Latest App Priorities" button. For details of the environment setup and a video of the attack, refer to the Demo section of the [blog post](https://zwclose.github.io/2022/12/18/killer1.html). Feel free to ask questions on [Twitter](https://twitter.com/zwclose)
File snapshot

```
[4.0K] /data/pocs/35dfade55d58b9543b5f87e2ed105b3e217d3873
├── [1.8K] README.md
├── [ 21K] rn_custom.stg
├── [ 18K] rn_custom.xml
├── [1.0M] rn.stg.original
├── [4.0K] rnstg-tool
│   ├── [4.0K] Release
│   │   └── [ 14K] rnstg-tool.exe
│   ├── [ 11K] rnstg-tool.cpp
│   ├── [1.4K] rnstg-tool.sln
│   ├── [7.0K] rnstg-tool.vcxproj
│   └── [ 983] rnstg-tool.vcxproj.filters
└── [ 766] WebSrv.py

2 directories, 10 files
```