Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Does FolderContentsDeleteToFolderDelete.exe Still Work on Windows 11 24H2? #8

Open
CyberGeeGee opened this issue Jan 18, 2025 · 1 comment
Open

Does FolderContentsDeleteToFolderDelete.exe Still Work on Windows 11 24H2? #8

CyberGeeGee opened this issue Jan 18, 2025 · 1 comment

Comments

@CyberGeeGee
Copy link

Hello,

I've been testing with the FolderContentsDeleteToFolderDelete.exe exploit and it has been working quite well on the latest build of Windows 10 22H2 and Windows 11 23H2.

However, I noticed on Windows 11 24H2, it will always fail for some reason. A simple test with the del /q C:\path\to\folder\* command will not succeed.
I know this exploit still relies on a race condition, but I've tried countless times with low CPU usage and it has not succeeded once on 24H2.

Have you experienced this lately as well and if so, any idea if Microsoft has changed something in the latest version that might interfere with this exploit? Note the FolderOrFileDeleteToSYSTEM exploit still works flawlessly.

Thanks,
G
@CyberGeeGee
Copy link
Author

Looks like the latest updates for Windows 11 may have killed the ::$INDEX_ALLOCATION trick and that may be why the exploit no longer works. There are talks about it here as well: https://x.com/filip_dragovic/status/1881091708039131441

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@CyberGeeGee