# CVE-2024-0197-POC
Proof of concept for Local Privilege Escalation in Thales Sentinel HASP LDK.
I initially wanted to develop one, but eventually that turned out to be unnecessary.
There is no race condition to win, and a simple DLL search order hijacking from a known location suffices to attain SYSTEM.

We simply:
1. compile raw.cpp as fltlib.dll and put it into AppData\Local\Temp (it has to be a proper proxy DLL leading to C:\Windows\System32\fltlib.dll).
2. then just run msiexec.exe /fa PATH_TO_MSI.