Create 青藤云 EDR 权限提升漏洞.md

2023-08-23 12:47:40 +08:00 · 2023-08-23 12:47:40 +08:00 · 83fe8367fc
commit 83fe8367fc
parent 8c00c3a80c
1 changed files with 29 additions and 0 deletions
--- a/权限提升漏洞.md
+++ b/权限提升漏洞.md
@ -0,0 +1,29 @@
+## 青藤云 EDR 权限提升漏洞
+```
+青藤的测试 POC
+local function save_python_info(ctx, info_table)
+local proc_names = {"python.exe"}
+local procs_ret = ctx.get_proc_list_info_rely(ctx, proc_names)
+if next(procs_ret) == nil then
+return
+end
+-- call get version
+-- ... 省略无关代码
+get_python_ver(proc) -- ... 省略无关代码
+end
+function get_python_ver(proc)
+if proc == nil then
+return "" end
+
+if file_api.file_exists(proc.path) then
+local cmdline = "\"" .. proc.path .. "\" -V"
+local ret, output = common.execute_shell(cmdline)
+if ret == 0 and output and output ~= "" then
+return regex.match(output, "\\d.+\\d")
+else
+agent.error_log("get python version info error:" .. tostring(ret))
+return "" end
+end
+End
+
+```