
Recently a vulnerability in Microsoft's Cortana (CVE-2018-8140) has been patched. McAfee made a blog post about it explaining some background information. There is also a video showing a Proof of Concept, resetting the password of a computer and logging in.

Now I am trying to recreate this PoC purely out of curiosity and interest. I am able to execute a PowerShell script through Cortana on the login screen but I am unable to reset or change a password. Clearly, I do not have the rights to do this without logging in and thereby accepting the UAC.

The PS script is as follows:

```powershell
[console]::beep(2000,1000)
net user Username newpassword
```

I am not asking for programming help but I would like to know if I am missing something important about this vulnerability. Does anyone know how to execute an elevated PowerShell script using the recent Cortana vulnerability? Or the method used to reset the password as shown in the video?

toom
    The command you are using is not PowerShell. You may be executing it within PowerShell but that doesn't make it a PowerShell command. The PowerShell command you are looking for, if you are a domain member, is `Set-ADAccountPassword`. I don't know if this is relevant to your PoC but I hope it's helpful. – Citizen Dec 27 '19 at 21:30

0 Answers