Merge pull request #147 from hfiref0x/dev365

v 3.6.5
hfiref0x · Sep 26, 2023 · 3ec8d4d · 3ec8d4d
2 parents f61a052 + 33b2279
commit 3ec8d4d
Show file tree

Hide file tree

Showing 24 changed files with 1,337 additions and 315 deletions.
diff --git a/README.md b/README.md
@@ -793,13 +793,25 @@ First parameter is number of method to use, second is optional command (executab
      * Fixed in: unfixed :see_no_evil:
         * How: -
       * Code status: added in v3.6.4
+78. Author: antonioCoco
+     * Type: Impersonation
+     * Method: SSPI Datagram
+     * Target(s): Attacker defined
+     * Component(s): Attacker defined
+     * Implementation: ucmSspiDatagramMethod
+     * Works from: Windows 7 RTM (7600)
+     * AlwaysNotify compatible
+     * Fixed in: unfixed :see_no_evil:
+        * How: -
+      * Code status: added in v3.6.5
 
 </details>
 
 Note:
 * Method (30) (63) and later implemented only in x64 version;
 * Method (30) require x64 because it abuses WOW64 subsystem feature;
-* Method (55) is not really reliable (as any GUI hacks) and included just for fun.
+* Method (55) is not really reliable (as any GUI hacks) and included just for fun;
+* Method (78) requires current user account password not to be blank.
 
 Run examples:
 * akagi32.exe 23
@@ -903,6 +915,7 @@ https://devblogs.microsoft.com/oldnewthing/20160816-00/?p=94105
 * MSDT DLL Hijack UAC bypass, https://blog.sevagas.com/?MSDT-DLL-Hijack-UAC-bypass
 * UAC bypass through .Net Deserialization vulnerability in eventvwr.exe, https://twitter.com/orange_8361/status/1518970259868626944
 * Advanced Windows Task Scheduler Playbook - Part.2 from COM to UAC bypass and get SYSTEM directly, http://www.zcgonvh.com/post/Advanced_Windows_Task_Scheduler_Playbook-Part.2_from_COM_to_UAC_bypass_and_get_SYSTEM_dirtectly.html
+* Bypassing UAC with SSPI Datagram Contexts, https://splintercod3.blogspot.com/p/bypassing-uac-with-sspi-datagram.html
 
 # Authors
 

diff --git a/Source/Akagi/Resource.rc b/Source/Akagi/Resource.rc
diff --git a/Source/Akagi/global.h b/Source/Akagi/global.h
@@ -4,9 +4,9 @@
 *
 *  TITLE:       GLOBAL.H
 *
-*  VERSION:     3.64
+*  VERSION:     3.65
 *
-*  DATE:        04 Feb 2023
+*  DATE:        22 Sep 2023
 *
 *  Common header file for the program support routines.
 *
@@ -61,8 +61,13 @@
 #include <AccCtrl.h>
 #include <wintrust.h>
 #include <taskschd.h>
+
+#define SECURITY_WIN32
+#include <Security.h>
+
 #pragma comment(lib, "taskschd.lib")
 #pragma comment(lib, "rpcrt4.lib")
+#pragma comment (lib, "Secur32.lib")
 
 #pragma warning(push)
 #pragma warning(disable: 4115) //named type definition in parentheses