{"id":114,"date":"2020-04-27T09:54:38","date_gmt":"2020-04-27T09:54:38","guid":{"rendered":"http:\/\/labs.redyops.com\/?p=114"},"modified":"2020-06-24T07:41:22","modified_gmt":"2020-06-24T07:41:22","slug":"dos-via-arbitrary-folder-creation","status":"publish","type":"post","link":"https:\/\/labs.redyops.com\/index.php\/2020\/04\/27\/dos-via-arbitrary-folder-creation\/","title":{"rendered":"Windows Denial of Service Vulnerability (CVE-2020-1283)"},"content":{"rendered":"<div class=\"addtoany_shortcode\"><div class=\"a2a_kit a2a_kit_size_32 addtoany_list\" data-a2a-url=\"https:\/\/labs.redyops.com\/index.php\/2020\/04\/27\/dos-via-arbitrary-folder-creation\/\" data-a2a-title=\"Windows Denial of Service Vulnerability (CVE-2020-1283)\"><a class=\"a2a_button_copy_link\" href=\"https:\/\/www.addtoany.com\/add_to\/copy_link?linkurl=https%3A%2F%2Flabs.redyops.com%2Findex.php%2F2020%2F04%2F27%2Fdos-via-arbitrary-folder-creation%2F&amp;linkname=Windows%20Denial%20of%20Service%20Vulnerability%20%28CVE-2020-1283%29\" title=\"Copy Link\" rel=\"nofollow noopener\" target=\"_blank\"><\/a><a class=\"a2a_button_twitter\" href=\"https:\/\/www.addtoany.com\/add_to\/twitter?linkurl=https%3A%2F%2Flabs.redyops.com%2Findex.php%2F2020%2F04%2F27%2Fdos-via-arbitrary-folder-creation%2F&amp;linkname=Windows%20Denial%20of%20Service%20Vulnerability%20%28CVE-2020-1283%29\" title=\"Twitter\" rel=\"nofollow noopener\" target=\"_blank\"><\/a><a class=\"a2a_button_facebook\" href=\"https:\/\/www.addtoany.com\/add_to\/facebook?linkurl=https%3A%2F%2Flabs.redyops.com%2Findex.php%2F2020%2F04%2F27%2Fdos-via-arbitrary-folder-creation%2F&amp;linkname=Windows%20Denial%20of%20Service%20Vulnerability%20%28CVE-2020-1283%29\" title=\"Facebook\" rel=\"nofollow noopener\" target=\"_blank\"><\/a><a class=\"a2a_button_linkedin\" href=\"https:\/\/www.addtoany.com\/add_to\/linkedin?linkurl=https%3A%2F%2Flabs.redyops.com%2Findex.php%2F2020%2F04%2F27%2Fdos-via-arbitrary-folder-creation%2F&amp;linkname=Windows%20Denial%20of%20Service%20Vulnerability%20%28CVE-2020-1283%29\" title=\"LinkedIn\" rel=\"nofollow noopener\" target=\"_blank\"><\/a><a class=\"a2a_button_whatsapp\" href=\"https:\/\/www.addtoany.com\/add_to\/whatsapp?linkurl=https%3A%2F%2Flabs.redyops.com%2Findex.php%2F2020%2F04%2F27%2Fdos-via-arbitrary-folder-creation%2F&amp;linkname=Windows%20Denial%20of%20Service%20Vulnerability%20%28CVE-2020-1283%29\" title=\"WhatsApp\" rel=\"nofollow noopener\" target=\"_blank\"><\/a><a class=\"a2a_button_viber\" href=\"https:\/\/www.addtoany.com\/add_to\/viber?linkurl=https%3A%2F%2Flabs.redyops.com%2Findex.php%2F2020%2F04%2F27%2Fdos-via-arbitrary-folder-creation%2F&amp;linkname=Windows%20Denial%20of%20Service%20Vulnerability%20%28CVE-2020-1283%29\" title=\"Viber\" rel=\"nofollow noopener\" target=\"_blank\"><\/a><a class=\"a2a_button_facebook_messenger\" href=\"https:\/\/www.addtoany.com\/add_to\/facebook_messenger?linkurl=https%3A%2F%2Flabs.redyops.com%2Findex.php%2F2020%2F04%2F27%2Fdos-via-arbitrary-folder-creation%2F&amp;linkname=Windows%20Denial%20of%20Service%20Vulnerability%20%28CVE-2020-1283%29\" title=\"Messenger\" rel=\"nofollow noopener\" target=\"_blank\"><\/a><a class=\"a2a_button_telegram\" href=\"https:\/\/www.addtoany.com\/add_to\/telegram?linkurl=https%3A%2F%2Flabs.redyops.com%2Findex.php%2F2020%2F04%2F27%2Fdos-via-arbitrary-folder-creation%2F&amp;linkname=Windows%20Denial%20of%20Service%20Vulnerability%20%28CVE-2020-1283%29\" title=\"Telegram\" rel=\"nofollow noopener\" target=\"_blank\"><\/a><a class=\"a2a_button_skype\" href=\"https:\/\/www.addtoany.com\/add_to\/skype?linkurl=https%3A%2F%2Flabs.redyops.com%2Findex.php%2F2020%2F04%2F27%2Fdos-via-arbitrary-folder-creation%2F&amp;linkname=Windows%20Denial%20of%20Service%20Vulnerability%20%28CVE-2020-1283%29\" title=\"Skype\" rel=\"nofollow noopener\" target=\"_blank\"><\/a><a class=\"a2a_button_sms\" href=\"https:\/\/www.addtoany.com\/add_to\/sms?linkurl=https%3A%2F%2Flabs.redyops.com%2Findex.php%2F2020%2F04%2F27%2Fdos-via-arbitrary-folder-creation%2F&amp;linkname=Windows%20Denial%20of%20Service%20Vulnerability%20%28CVE-2020-1283%29\" title=\"Message\" rel=\"nofollow noopener\" target=\"_blank\"><\/a><a class=\"a2a_dd addtoany_share_save addtoany_share\" href=\"https:\/\/www.addtoany.com\/share\"><\/a><\/div><\/div>\n\n\n\n<h1 class=\"wp-block-heading\"><strong>Summary<\/strong><\/h1>\n\n\n\n<p><strong>Assigned CVE<\/strong>: CVE-2020-1283 has been assigned and RedyOps Labs has been publicly acknowledged by the vendor.<\/p>\n\n\n\n<p><strong>Known to Neurosoft\u2019s RedyOps Labs since<\/strong>: 11\/03\/2020<\/p>\n\n\n\n<p><strong>Exploit<\/strong>&nbsp;<strong>Code<\/strong>:&nbsp;<a href=\"https:\/\/github.com\/RedyOpsResearchLabs\/CVE-2020-1283_Windows-Denial-of-Service-Vulnerability\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/github.com\/RedyOpsResearchLabs\/CVE-2020-1283_Windows-Denial-of-Service-Vulnerability<\/a> <\/p>\n\n\n\n<p><strong>Vendor\u2019s Advisory<\/strong>: <a href=\"https:\/\/portal.msrc.microsoft.com\/en-us\/security-guidance\/advisory\/CVE-2020-1283\">https:\/\/portal.msrc.microsoft.com\/en-us\/security-guidance\/advisory\/CVE-2020-1283<\/a><\/p>\n\n\n\n<p>This issue has the following description on Microsoft&#8217;s advisory:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>&#8221; A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding.<\/p><p>To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application or to convince a user to open a specific file on a network share. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to cause a target system to stop responding.<\/p><p>The update addresses the vulnerability by correcting how Windows handles objects in memory.&#8221;<\/p><\/blockquote>\n\n\n\n<p>We will use a different description, based on the exploit we provided to Microsoft in order to abuse this vulnerability. Our description, may not be technically as accurate as Microsoft&#8217;s description, but our approach may allow someone out there to take this vulnerability beyond the DOS. <\/p>\n\n\n\n<p>An arbitrary folder creation exists on Windows 10 1909. This specific case allows a user with low privileges to create an empty folder, with any chosen name, anywhere in the system. The folders we create inherit their DACL and thus we couldn&#8217;t find a way to exploit the issue in order to perform an Escalation of Privilege. However, we are able to exploit any arbitrary file\/folder creation in order to cause a Blue Screen of Death (BSoD). The latest version we tested is windows 10 1909  (OS Build 18363.778) 64bit .<\/p>\n\n\n\n<h1 class=\"wp-block-heading\"><strong>Description<\/strong><\/h1>\n\n\n\n<p>A user with low privileges (the &#8220;attacker&#8221;), has full control over the folder c:\\Users\\attacker\\AppData\\Roaming\\Microsoft\\Windows . This, allows him to rename the folder to c:\\Users\\attacker\\AppData\\Roaming\\Microsoft\\Windows2 . <\/p>\n\n\n\n<p>If a user\/attacker performs the aforementioned rename action, there are specific circumstances and actions which can be followed in order to force the NT AUTHORITY\\SYSTEM to recreate the following folders:<\/p>\n\n\n\n<ul><li>c:\\Users\\attacker\\AppData\\Roaming\\Microsoft\\<strong>Windows<\/strong>\\<strong>Recent<\/strong> <\/li><li>c:\\Users\\attacker\\AppData\\Roaming\\Microsoft\\<strong>Windows<\/strong>\\<strong>Libraries<\/strong><\/li><\/ul>\n\n\n\n<p>An attacker, can replace those folders with symlinks pointing to a non-existent folder somewhere in the system. When the  NT AUTHORITY\\SYSTEM tries to recreate the folders &#8220;Recent&#8221; and &#8220;Libraries&#8221;, will follow those symlinks and will create the non-existent folder. This way the attacker can create a folder with a chosen name, anywhere in the system.<\/p>\n\n\n\n<h1 class=\"wp-block-heading\"><strong>Exploitation<\/strong><\/h1>\n\n\n\n<ol><li>Login with a user with low privileges. Assume this user has the username &#8220;attacker&#8221;.<\/li><li>Rename the folder C:\\Users\\attacker\\AppData\\Roaming\\Microsoft\\Windows to C:\\Users\\attacker\\AppData\\Roaming\\Microsoft\\Windows<strong>2<\/strong><\/li><li>Run the Exploit.exe (you can find the code on our <a rel=\"noreferrer noopener\" href=\"https:\/\/github.com\/RedyOpsResearchLabs\/\" target=\"_blank\">GitHub<\/a>) and use as arguments the two folders you want to create. As for example:<\/li><\/ol>\n\n\n\n<pre class=\"wp-block-code\"><code>Exploit.exe c:\\windows\\system32\\cng.sys c:\\windows\\addins\\whateverFolder<\/code><\/pre>\n\n\n\n<p>The exploit assumes that your username is attacker. If you want to use another username, change the hard-coded paths to the exploit code and recompile.<\/p>\n\n\n\n<ol><li>Click the Start Button and open the &#8220;Microsoft Solitaire Collection&#8221; or &#8220;Xbox Game Bar&#8221; from the right panel. Usually one of both will trigger the creation of the arbitrary folders.<\/li><li>Check that the folders have been created.<\/li><\/ol>\n\n\n\n<p>The creation of the folder <strong>c:\\windows\\system32\\cng.sys<\/strong> will cause a DoS in the next reboot and the system will need to be repaired.<\/p>\n\n\n\n<h1 class=\"wp-block-heading\"><strong>Video PoC Step By Step<\/strong><\/h1>\n\n\n\n<figure class=\"wp-block-embed-youtube wp-block-embed is-type-video is-provider-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"MS DOS\" width=\"525\" height=\"295\" src=\"https:\/\/www.youtube.com\/embed\/wG99HIeeNrY?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<p>The exploit takes 2 arguments. These are the two folders we want to create. As for example<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Exploit.exe c:\\windows\\system32\\folder1 c:\\windows\\addins\\folder2<\/code><\/pre>\n\n\n\n<p>will create the folders c:\\windows\\system32\\folder1 and c:\\windows\\addins\\folder2 . However, you will not be able to write anything inside those folders. <\/p>\n\n\n\n<p>00:00-00:30: Presentation of the environment. We present the user with the low privileges and the fact that the folders c:\\windows\\system32\\cng.sys c:\\windows\\addins\\whateverFolder do not exist in the system.<\/p>\n\n\n\n<p>00:30 &#8211; 00:49: We run the Exploit, but it fails because we have not renamed the C:\\Users\\attacker\\AppData\\Roaming\\Microsoft\\Windows . First we have to rename this folder.<\/p>\n\n\n\n<p>00:49 &#8211; 01:22: We rename the folder C:\\Users\\attacker\\AppData\\Roaming\\Microsoft\\Windows to C:\\Users\\attacker\\AppData\\Roaming\\Microsoft\\Windows2 and we run the exploit again. At this point, the exploit will create all the appropriate symlinks.<\/p>\n\n\n\n<p>01:22 &#8211; 02:17: We open the &#8220;Xbox Game Bar&#8221; which triggers the creation of the Libraries and Recent folders. As we can observe in the Explorer, the folder c:\\windows\\system32\\cng.sys was created. We present that both folders , c:\\windows\\system32\\cng.sys and c:\\windows\\addins\\whateverFolder, have been created and the owner is the &#8220;Administrators&#8221;.<\/p>\n\n\n\n<p>02:17 &#8211; end: We reboot the system and we have the BSoD. The BSoD is caused because of the folder c:\\windows\\system32\\cng.sys. If you choose a folder with another name, it will not cause the BSOD.<\/p>\n\n\n\n<p>If you find a better way to use this primitive and you are willing to share, we would love to hear from you or read your write-up. <\/p>\n\n\n<div class=\"addtoany_shortcode\"><div class=\"a2a_kit a2a_kit_size_32 addtoany_list\" data-a2a-url=\"https:\/\/labs.redyops.com\/index.php\/2020\/04\/27\/dos-via-arbitrary-folder-creation\/\" data-a2a-title=\"Windows Denial of Service Vulnerability (CVE-2020-1283)\"><a class=\"a2a_button_copy_link\" href=\"https:\/\/www.addtoany.com\/add_to\/copy_link?linkurl=https%3A%2F%2Flabs.redyops.com%2Findex.php%2F2020%2F04%2F27%2Fdos-via-arbitrary-folder-creation%2F&amp;linkname=Windows%20Denial%20of%20Service%20Vulnerability%20%28CVE-2020-1283%29\" title=\"Copy Link\" rel=\"nofollow noopener\" target=\"_blank\"><\/a><a class=\"a2a_button_twitter\" href=\"https:\/\/www.addtoany.com\/add_to\/twitter?linkurl=https%3A%2F%2Flabs.redyops.com%2Findex.php%2F2020%2F04%2F27%2Fdos-via-arbitrary-folder-creation%2F&amp;linkname=Windows%20Denial%20of%20Service%20Vulnerability%20%28CVE-2020-1283%29\" title=\"Twitter\" rel=\"nofollow noopener\" target=\"_blank\"><\/a><a class=\"a2a_button_facebook\" href=\"https:\/\/www.addtoany.com\/add_to\/facebook?linkurl=https%3A%2F%2Flabs.redyops.com%2Findex.php%2F2020%2F04%2F27%2Fdos-via-arbitrary-folder-creation%2F&amp;linkname=Windows%20Denial%20of%20Service%20Vulnerability%20%28CVE-2020-1283%29\" title=\"Facebook\" rel=\"nofollow noopener\" target=\"_blank\"><\/a><a class=\"a2a_button_linkedin\" href=\"https:\/\/www.addtoany.com\/add_to\/linkedin?linkurl=https%3A%2F%2Flabs.redyops.com%2Findex.php%2F2020%2F04%2F27%2Fdos-via-arbitrary-folder-creation%2F&amp;linkname=Windows%20Denial%20of%20Service%20Vulnerability%20%28CVE-2020-1283%29\" title=\"LinkedIn\" rel=\"nofollow noopener\" target=\"_blank\"><\/a><a class=\"a2a_button_whatsapp\" href=\"https:\/\/www.addtoany.com\/add_to\/whatsapp?linkurl=https%3A%2F%2Flabs.redyops.com%2Findex.php%2F2020%2F04%2F27%2Fdos-via-arbitrary-folder-creation%2F&amp;linkname=Windows%20Denial%20of%20Service%20Vulnerability%20%28CVE-2020-1283%29\" title=\"WhatsApp\" rel=\"nofollow noopener\" target=\"_blank\"><\/a><a class=\"a2a_button_viber\" href=\"https:\/\/www.addtoany.com\/add_to\/viber?linkurl=https%3A%2F%2Flabs.redyops.com%2Findex.php%2F2020%2F04%2F27%2Fdos-via-arbitrary-folder-creation%2F&amp;linkname=Windows%20Denial%20of%20Service%20Vulnerability%20%28CVE-2020-1283%29\" title=\"Viber\" rel=\"nofollow noopener\" target=\"_blank\"><\/a><a class=\"a2a_button_facebook_messenger\" href=\"https:\/\/www.addtoany.com\/add_to\/facebook_messenger?linkurl=https%3A%2F%2Flabs.redyops.com%2Findex.php%2F2020%2F04%2F27%2Fdos-via-arbitrary-folder-creation%2F&amp;linkname=Windows%20Denial%20of%20Service%20Vulnerability%20%28CVE-2020-1283%29\" title=\"Messenger\" rel=\"nofollow noopener\" target=\"_blank\"><\/a><a class=\"a2a_button_telegram\" href=\"https:\/\/www.addtoany.com\/add_to\/telegram?linkurl=https%3A%2F%2Flabs.redyops.com%2Findex.php%2F2020%2F04%2F27%2Fdos-via-arbitrary-folder-creation%2F&amp;linkname=Windows%20Denial%20of%20Service%20Vulnerability%20%28CVE-2020-1283%29\" title=\"Telegram\" rel=\"nofollow noopener\" target=\"_blank\"><\/a><a class=\"a2a_button_skype\" href=\"https:\/\/www.addtoany.com\/add_to\/skype?linkurl=https%3A%2F%2Flabs.redyops.com%2Findex.php%2F2020%2F04%2F27%2Fdos-via-arbitrary-folder-creation%2F&amp;linkname=Windows%20Denial%20of%20Service%20Vulnerability%20%28CVE-2020-1283%29\" title=\"Skype\" rel=\"nofollow noopener\" target=\"_blank\"><\/a><a class=\"a2a_button_sms\" href=\"https:\/\/www.addtoany.com\/add_to\/sms?linkurl=https%3A%2F%2Flabs.redyops.com%2Findex.php%2F2020%2F04%2F27%2Fdos-via-arbitrary-folder-creation%2F&amp;linkname=Windows%20Denial%20of%20Service%20Vulnerability%20%28CVE-2020-1283%29\" title=\"Message\" rel=\"nofollow noopener\" target=\"_blank\"><\/a><a class=\"a2a_dd addtoany_share_save addtoany_share\" href=\"https:\/\/www.addtoany.com\/share\"><\/a><\/div><\/div>\n\n\n\n<h1 class=\"wp-block-heading\"><strong>Resources<\/strong><\/h1>\n\n\n\n<p><strong>GitHub<\/strong><\/p>\n\n\n\n<p>You can find the exploit code on our Github at&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/github.com\/RedyOpsResearchLabs\/\" target=\"_blank\">https:\/\/github.com\/RedyOpsResearchLabs\/<\/a><\/p>\n\n\n\n<p><strong>RedyOps team<\/strong><\/p>\n\n\n\n<p>RedyOps team, uses the 0-day exploits produced by Research Labs, before vendor releases any patch. They use it in special engagements and only for specific customers.<\/p>\n\n\n\n<p>You can find RedyOps team at&nbsp;<a href=\"https:\/\/redyops.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/redyops.com\/<\/a><\/p>\n\n\n\n<p><strong>Angel<\/strong><\/p>\n\n\n\n<p>Discovered 0-days which affect marine sector, are being contacted with the Angel Team. ANGEL has been designed and developed to meet the unique and diverse requirements of the merchant marine sector. It secures the vessel\u2019s business, IoT and crew networks by providing oversight, security threat alerting and control of the vessel\u2019s entire network.<\/p>\n\n\n\n<p>You can find Angel team at&nbsp;<a href=\"https:\/\/angelcyber.gr\/\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/angelcyber.gr\/<\/a><\/p>\n\n\n\n<p><strong>Illicium<\/strong><\/p>\n\n\n\n<p>Our 0-days cannot win Illicium. Today\u2019s information technology landscape is threatened by modern adversary security attacks, including 0-day exploits, polymorphic malwares, APTs and targeted attacks. These threats cannot be identified and mitigated using classic detection and prevention technologies; they can mimic valid user activity, do not have a signature, and do not occur in patterns. In response to attackers\u2019 evolution, defenders now have a new kind of weapon in their arsenal: Deception.<\/p>\n\n\n\n<p>You can find Illicium team at&nbsp;<a href=\"https:\/\/deceivewithillicium.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/deceivewithillicium.com\/<\/a><\/p>\n\n\n\n<p><strong>Neutrify<\/strong><\/p>\n\n\n\n<p>Discovered 0-days are being contacted to the Neutrify team, in order to develop related detection rules. Neutrify is Neurosoft\u2019s 24\u00d77 Security Operations Center, completely dedicated to threats monitoring and attacks detection. Beyond just monitoring, Neutrify offers additional capabilities including advanced forensic analysis and malware reverse engineering to analyze incidents.<\/p>\n\n\n\n<p>You can find Neutrify team at&nbsp;<a href=\"https:\/\/neurosoft.gr\/contact\/\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/neurosoft.gr\/contact\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Summary Assigned CVE: CVE-2020-1283 has been assigned and RedyOps Labs has been publicly acknowledged by the vendor. Known to Neurosoft\u2019s RedyOps Labs since: 11\/03\/2020 Exploit&nbsp;Code:&nbsp;https:\/\/github.com\/RedyOpsResearchLabs\/CVE-2020-1283_Windows-Denial-of-Service-Vulnerability Vendor\u2019s Advisory: https:\/\/portal.msrc.microsoft.com\/en-us\/security-guidance\/advisory\/CVE-2020-1283 This issue has the following description on Microsoft&#8217;s advisory: &#8221; A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/labs.redyops.com\/index.php\/2020\/04\/27\/dos-via-arbitrary-folder-creation\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Windows Denial of Service Vulnerability (CVE-2020-1283)&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[17,10],"tags":[7,5],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Windows Denial of Service Vulnerability (CVE-2020-1283) - REDYOPS Labs<\/title>\n<meta name=\"description\" content=\"Exploit Code and WriteUp for Windows Denial of Service Vulnerability (CVE-2020-1283)\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/labs.redyops.com\/index.php\/2020\/04\/27\/dos-via-arbitrary-folder-creation\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Windows Denial of Service Vulnerability (CVE-2020-1283)\" \/>\n<meta property=\"og:description\" content=\"An arbitrary folder creation will be used in order to exploit the Windows Denial of Service Vulnerability (CVE-2020-1283) ...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/labs.redyops.com\/index.php\/2020\/04\/27\/dos-via-arbitrary-folder-creation\/\" \/>\n<meta property=\"og:site_name\" content=\"REDYOPS Labs\" \/>\n<meta property=\"article:published_time\" content=\"2020-04-27T09:54:38+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-06-24T07:41:22+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/labs.redyops.com\/wp-content\/uploads\/2020\/04\/dos.png\" \/>\n\t<meta property=\"og:image:width\" content=\"631\" \/>\n\t<meta property=\"og:image:height\" content=\"225\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"Windows Denial of Service Vulnerability (CVE-2020-1283)\" \/>\n<meta name=\"twitter:description\" content=\"Exploit Code and WriteUp for Windows Denial of Service Vulnerability (CVE-2020-1283)\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/labs.redyops.com\/wp-content\/uploads\/2020\/04\/dos.png\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/labs.redyops.com\/index.php\/2020\/04\/27\/dos-via-arbitrary-folder-creation\/\",\"url\":\"https:\/\/labs.redyops.com\/index.php\/2020\/04\/27\/dos-via-arbitrary-folder-creation\/\",\"name\":\"Windows Denial of Service Vulnerability (CVE-2020-1283) - REDYOPS Labs\",\"isPartOf\":{\"@id\":\"https:\/\/labs.redyops.com\/#website\"},\"datePublished\":\"2020-04-27T09:54:38+00:00\",\"dateModified\":\"2020-06-24T07:41:22+00:00\",\"author\":{\"@id\":\"https:\/\/labs.redyops.com\/#\/schema\/person\/b71c37b49c3ccdc96f0095d5e4161b69\"},\"description\":\"Exploit Code and WriteUp for Windows Denial of Service Vulnerability (CVE-2020-1283)\",\"breadcrumb\":{\"@id\":\"https:\/\/labs.redyops.com\/index.php\/2020\/04\/27\/dos-via-arbitrary-folder-creation\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/labs.redyops.com\/index.php\/2020\/04\/27\/dos-via-arbitrary-folder-creation\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/labs.redyops.com\/index.php\/2020\/04\/27\/dos-via-arbitrary-folder-creation\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/labs.redyops.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Windows Denial of Service Vulnerability (CVE-2020-1283)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/labs.redyops.com\/#website\",\"url\":\"https:\/\/labs.redyops.com\/\",\"name\":\"REDYOPS Labs\",\"description\":\"Blog\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/labs.redyops.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/labs.redyops.com\/#\/schema\/person\/b71c37b49c3ccdc96f0095d5e4161b69\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/labs.redyops.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/c7bde3be8234c04475e6f42bb697f356?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/c7bde3be8234c04475e6f42bb697f356?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"http:\/\/labs.redyops.com\"],\"url\":\"https:\/\/labs.redyops.com\/index.php\/author\/admin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Windows Denial of Service Vulnerability (CVE-2020-1283) - REDYOPS Labs","description":"Exploit Code and WriteUp for Windows Denial of Service Vulnerability (CVE-2020-1283)","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/labs.redyops.com\/index.php\/2020\/04\/27\/dos-via-arbitrary-folder-creation\/","og_locale":"en_US","og_type":"article","og_title":"Windows Denial of Service Vulnerability (CVE-2020-1283)","og_description":"An arbitrary folder creation will be used in order to exploit the Windows Denial of Service Vulnerability (CVE-2020-1283) ...","og_url":"https:\/\/labs.redyops.com\/index.php\/2020\/04\/27\/dos-via-arbitrary-folder-creation\/","og_site_name":"REDYOPS Labs","article_published_time":"2020-04-27T09:54:38+00:00","article_modified_time":"2020-06-24T07:41:22+00:00","og_image":[{"width":631,"height":225,"url":"https:\/\/labs.redyops.com\/wp-content\/uploads\/2020\/04\/dos.png","type":"image\/png"}],"author":"admin","twitter_card":"summary_large_image","twitter_title":"Windows Denial of Service Vulnerability (CVE-2020-1283)","twitter_description":"Exploit Code and WriteUp for Windows Denial of Service Vulnerability (CVE-2020-1283)","twitter_image":"https:\/\/labs.redyops.com\/wp-content\/uploads\/2020\/04\/dos.png","twitter_misc":{"Written by":"admin","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/labs.redyops.com\/index.php\/2020\/04\/27\/dos-via-arbitrary-folder-creation\/","url":"https:\/\/labs.redyops.com\/index.php\/2020\/04\/27\/dos-via-arbitrary-folder-creation\/","name":"Windows Denial of Service Vulnerability (CVE-2020-1283) - REDYOPS Labs","isPartOf":{"@id":"https:\/\/labs.redyops.com\/#website"},"datePublished":"2020-04-27T09:54:38+00:00","dateModified":"2020-06-24T07:41:22+00:00","author":{"@id":"https:\/\/labs.redyops.com\/#\/schema\/person\/b71c37b49c3ccdc96f0095d5e4161b69"},"description":"Exploit Code and WriteUp for Windows Denial of Service Vulnerability (CVE-2020-1283)","breadcrumb":{"@id":"https:\/\/labs.redyops.com\/index.php\/2020\/04\/27\/dos-via-arbitrary-folder-creation\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/labs.redyops.com\/index.php\/2020\/04\/27\/dos-via-arbitrary-folder-creation\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/labs.redyops.com\/index.php\/2020\/04\/27\/dos-via-arbitrary-folder-creation\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/labs.redyops.com\/"},{"@type":"ListItem","position":2,"name":"Windows Denial of Service Vulnerability (CVE-2020-1283)"}]},{"@type":"WebSite","@id":"https:\/\/labs.redyops.com\/#website","url":"https:\/\/labs.redyops.com\/","name":"REDYOPS Labs","description":"Blog","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/labs.redyops.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/labs.redyops.com\/#\/schema\/person\/b71c37b49c3ccdc96f0095d5e4161b69","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/labs.redyops.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/c7bde3be8234c04475e6f42bb697f356?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c7bde3be8234c04475e6f42bb697f356?s=96&d=mm&r=g","caption":"admin"},"sameAs":["http:\/\/labs.redyops.com"],"url":"https:\/\/labs.redyops.com\/index.php\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/labs.redyops.com\/index.php\/wp-json\/wp\/v2\/posts\/114"}],"collection":[{"href":"https:\/\/labs.redyops.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/labs.redyops.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/labs.redyops.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/labs.redyops.com\/index.php\/wp-json\/wp\/v2\/comments?post=114"}],"version-history":[{"count":25,"href":"https:\/\/labs.redyops.com\/index.php\/wp-json\/wp\/v2\/posts\/114\/revisions"}],"predecessor-version":[{"id":272,"href":"https:\/\/labs.redyops.com\/index.php\/wp-json\/wp\/v2\/posts\/114\/revisions\/272"}],"wp:attachment":[{"href":"https:\/\/labs.redyops.com\/index.php\/wp-json\/wp\/v2\/media?parent=114"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/labs.redyops.com\/index.php\/wp-json\/wp\/v2\/categories?post=114"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/labs.redyops.com\/index.php\/wp-json\/wp\/v2\/tags?post=114"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}