Skip to content

CrackerCat/CVE-2020-11492

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

CVE-2020-11492

Proof-of-Concept (PoC) for Docker Desktop for Windows privilege escalation vulnerability. This vulnerability was patched in Docker version 2.3.0.2 on May 11th, 2020.

This PoC performs the following:

  • creates a named pipe mimicking docker named pipe \\.\\pipe\\dockerLifecycleServer,
  • call ImpersonateNamedPipeClient after connection from docker service,
  • retrieve and duplicate the impersonated access token from the current thread,
  • launch a new process with the token. The new process will run as SYSTEM.

References

About

No description, website, or topics provided.

Resources

Stars

2 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages