Weaponizing for privileged file writes bugs with windows problem reporting
Weaponizing for privileged file writes bugs with windows problem reporting
I've found phoneinfo.dll (which is missing in system32 dir) has been loaded by wermgr.exe (windows problem reporting) when I enable boot logging in Procmon. It mean, phoneinfo.dll
is loaded after reboot. Then, I asked to @jonasLyk that can I trigger to load phoneinfo.dll
without reboot and he said "yes!". And then, This trigger was happened.
you can also use @it4man's UsoDllLoader as a weapon for privileged file writes bugs and also there's another techniques at here FileWrite2system
phoneinfo.dll
to C:\Windows\System32\
Report.wer
file and WerTrigger.exe
in a same directory.WerTrigger.exe
.by @404death
Thanks to: @jonasLyk for giving advice which is without reboot technique