Locked Crassus: Windows privilege escalation discovery tool

[itsMe]

This is the hidden content, please

• Sign In
• or
• Sign Up

Accenture made a tool called Spartacus, which finds DLL hijacking opportunities on Windows. Using Spartacus as a starting point, we created Crassus to extend Windows privilege escalation finding capabilities beyond simply looking for missing files. The ACLs used by files and directories of privileged processes can find more than just looking for missing files to achieve the goal.

Features

    Parsing ProcMon PML files natively. The log (PML) parser has been implemented by porting partial functionality to C# from

This is the hidden content, please

• Sign In
• or
• Sign Up

You can find the format specification here.
    Crassus will create source code for proxy DLLs for all missing DLLs that were identified. For instance, if an application is vulnerable to DLL Hijacking via version.dll, Crassus will create version.cpp and version.def  files for you with all the exports included in it. By default, the proxy DLLs will launch calc.exe. Build scripts are included to build the DLLs on Visual Studio or MinGW.
    For other events of interest, such as creating a process or loading a library, the ability for unprivileged users to modify the file or any parts of the path to the file is investigated.
    Able to process large PML files and store all events of interest in an output CSV file.

This is the hidden content, please

• Sign In
• or
• Sign Up