Exploit for CVE-2021-40449

Overview

CVE-2021-40449

More info here: https://kristal-g.github.io/2021/11/05/CVE-2021-40449_POC.html

Compiling

I did a bit of a hack with the MinHook library so it supports (somewhat partially) the 2019 Platform Toolset.
That's why I included the lib files with this repo.

Windows Version Adapting

To adapt this repo to another Windows build you have to fix:

  • ntoskrnl.exe gadgets offsets for the rop chain
  • MiGetPteAddress offset in ntoskrnl.exe
  • The size of palettes, according to the (undocumented) size of PDEVOBJ (look at win32kbase!PDEV::Allocate)
  • Shellcode offsets of various structs (shellcode_offsets struct)
Exploit for CVE-2021-40449 - Win32k Elevation of Privilege Vulnerability (LPE)

CallbackHell Exploit for CVE-2021-40449 (Win32k - LPE) CallbackHell Description Technical Writeup PoC References Description CVE-2021-40449 is a use-a

Oliver Lyak 406 Jun 21, 2022
PoC (DoS) for CVE-2021-40449 - Win32k Elevation of Privilege Vulnerability (LPE)

CallbackHell DoS PoC for CVE-2021-40449 (Win32k - LPE) CallbackHell Description Technical Writeup PoC References Description CVE-2021-40449 is a use-a

Oliver Lyak 406 Jun 21, 2022
Exploit to SYSTEM for CVE-2021-21551

CVE-2021-21551 Exploit to SYSTEM for CVE-2021-21551 SpoolPrinter Privesc using SeImpersonatePrivileges was made thanks to

null 236 Jun 15, 2022
a reliable C based exploit for CVE-2021-3560.

CVE-2021-3560 a reliable C based exploit for CVE-2021-3560. Summary: Yestreday i stumbled upon this blog post by Kevin Backhouse (discovered this vuln

hakivvi 34 Jun 21, 2022
Exploit for CVE-2021-30807

Write up is here: https://jsherman212.github.io/2021/11/28/popping_ios14_with_iomfb.html Exploit for CVE-2021-30807. If you really want to build a jai

Justin Sherman 117 Jun 12, 2022
Gex is an iOS 14.7 jailbreak using CVE-2021-30807 IOMFB exploit

Gex is an iOS 14.7 jailbreak using CVE-2021-30807 IOMFB exploit rest of this readme is from jsherman212's exploit repo and probably stuff that is abou

Connor 5 Apr 19, 2022
CVE-2021-4034 One day for the polkit privilege escalation exploit

CVE-2021-4034 One day for the polkit privilege escalation exploit Just execute make, ./cve-2021-4034 and enjoy your root shell. The original advisory

Davide Berardi 1.6k Jun 22, 2022
Self-contained exploit for CVE-2021-4034 - Pkexec Local Privilege Escalation

PwnKit Self-contained exploit for CVE-2021-4034 - Pkexec Local Privilege Escalation Usage Should work out of the box on Linux distributions based on U

Oliver Lyak 538 Jun 27, 2022
This repository contains an exploit of CVE-2021-4034, a local privilege escalation in pkexec

pwnkit (CVE-2021-4034) Privilege Escalation exploit sample This repository contains an exploit of CVE-2021-4034, a local privilege escalation in pkexe

Peter Gottesman 27 Jun 11, 2022
An exploit for CVE-2021-4034 aka Pwnkit: Local Privilege Escalation in polkit's pkexec

CVE-2021-4034 Exploit Usage $ git clone https://github.com/whokilleddb/CVE-2021-4034 $ cd CVE-2021-4034 $ make [!] CVE-2021-4034 Exploit By whokilledd

whokilleddb 2 Feb 5, 2022
desc_race exploit for iOS 15.0 - 15.1.1 (with stable kernel r/w primitives) (CVE-2021-30955)

desc_race "desc_race" (CVE-2021-30955) exploit for iOS 15.0 - 15.1.1 (with stable kernel r/w primitives) Tested to work on iPhone13,2 running iOS 15.1

Dylan Elmbark Sandström 7 Apr 11, 2022
Some hypervisor research notes. There is also a useful exploit template that you can use to verify / falsify any assumptions you may make while auditing code, and for exploit development.

Introduction Over the past few weeks, I've been doing some hypervisor research here and there, with most of my focus being on PCI device emulation cod

Faith 122 Jun 20, 2022
Demo exploit code for CVE-2020-27904, a tfp0 bug.

xattr-oob-swap CVE-2020-27904: a tfp0 bug for macOS 10.15.x and below. Demo exploit code for my talk at BlackHat ASIA 2021. The vulnerability has been

null 66 Jun 14, 2022
Make CVE-2020-0668 exploit work for version < win10 v1903 and version >= win10 v1903

CVE-2020-0668 Made CVE-2020-0668 exploit work for version < win10 v1903 and version >= win10 v1903 Diaghub Exploit (< v1903) powershell exploit works

null 13 Dec 15, 2021
A personal collection of Windows CVE I have turned in to exploit source, as well as a collection of payloads I've written to be used in conjunction with these exploits.

This repository contains a personal collection of Windows CVE I have turned in to exploit source, as well as a collection of payloads I've written to

null 76 Jun 22, 2022
Exploit for Dirty-Pipe (CVE-2022-0847)

Dirty-Pipe (PoC) What is it? Dirty-Pipe is a vulnerability which allows us to overwrite files even if they have read-only permissions. This vulnerabil

Nekox 6 Apr 8, 2022
PoC for CVE-2021-28476 a guest-to-host "Hyper-V Remote Code Execution Vulnerability" in vmswitch.sys.

CVE-2021-28476: a guest-to-host "Microsoft Hyper-V Remote Code Execution Vulnerability" in vmswitch.sys. This is a proof of concept for CVE-2021-28476

Axel Souchet 204 Jun 15, 2022
Local Privilege Escalation Edition for CVE-2021-1675

Local Privilege Escalation Edition of CVE-2021-1675/CVE-2021-34527 Local Privilege Escalation implementation of the CVE-2021-1675/CVE-2021-34527 (a.k.

Halil Dalabasmaz 329 Jun 15, 2022