SystemGap - Maintenance Tools after privilege escalation

Overview

SystemGap

A way to hold on to elevated privileges after an unstable Windows privilege-escalation exploit has succeeded once.

SystemGap - Listener

SystemGap listens on an anonymous pipe that any user can read and write, reads commands from the pipe and executes them.

SystemGapClient - Sender

SystemGapClient writes commands into the anonymous pipe.

By passing commands through a low-privilege anonymous pipe, a process that stays at low privilege for a long time can run arbitrary code with high privileges at any moment.

Demo

Problems it solves

  • The exploit succeeded the first time but cannot be repeated afterwards, so SystemGap is used to keep the high privileges resident.

Core technical principle: Windows security descriptors, and the defensive and offensive techniques around Windows access control.
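An added example of the defensive side of that principle (not part of the SystemGap project): a PowerShell audit that enumerates the named pipes under \\.\pipe\ and reports those whose DACL is NULL or grants any write right to Everyone, Authenticated Users, BUILTIN\Users or Anonymous Logon. It assumes the listener's pipe is a named pipe object visible under \\.\pipe\; the P/Invoke declarations and the helper names Get-PipeSddl and Test-BroadWriteAccess are this example's own.

```powershell
# Added example, not SystemGap code: flag named pipes whose DACL lets broad groups write.
Add-Type -Namespace Win32 -Name PipeSec -MemberDefinition @'
[DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern IntPtr CreateFileW(string name, uint access, uint share, IntPtr sa,
                                        uint disposition, uint flags, IntPtr template);
[DllImport("advapi32.dll", SetLastError = true)]
public static extern uint GetSecurityInfo(IntPtr h, int objType, uint secInfo, IntPtr owner,
                                          IntPtr group, IntPtr dacl, IntPtr sacl, out IntPtr sd);
[DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern bool ConvertSecurityDescriptorToStringSecurityDescriptorW(
    IntPtr sd, uint revision, uint secInfo, out IntPtr sddl, out uint len);
[DllImport("kernel32.dll")] public static extern bool CloseHandle(IntPtr h);
[DllImport("kernel32.dll")] public static extern IntPtr LocalFree(IntPtr p);
'@
$READ_CONTROL = 0x00020000; $OPEN_EXISTING = 3; $SE_FILE_OBJECT = 1; $DACL_INFO = 4
# FILE_WRITE_DATA | FILE_APPEND_DATA | WRITE_DAC | GENERIC_WRITE | GENERIC_ALL
$WriteMask = 0x2 -bor 0x4 -bor 0x40000 -bor 0x40000000 -bor 0x10000000
# Everyone, Authenticated Users, BUILTIN\Users, Anonymous Logon
$BroadSids = @('S-1-1-0', 'S-1-5-11', 'S-1-5-32-545', 'S-1-5-7')

# Open a pipe with READ_CONTROL only and return its DACL as an SDDL string.
function Get-PipeSddl([string]$Path) {
    $h = [Win32.PipeSec]::CreateFileW($Path, $READ_CONTROL, 3, [IntPtr]::Zero, $OPEN_EXISTING, 0, [IntPtr]::Zero)
    if ($h.ToInt64() -eq -1) { return $null }      # INVALID_HANDLE_VALUE: busy or access denied
    try {
        $sd = [IntPtr]::Zero; $str = [IntPtr]::Zero; $len = [uint32]0
        if ([Win32.PipeSec]::GetSecurityInfo($h, $SE_FILE_OBJECT, $DACL_INFO, [IntPtr]::Zero,
                [IntPtr]::Zero, [IntPtr]::Zero, [IntPtr]::Zero, [ref]$sd) -ne 0) { return $null }
        $ok = [Win32.PipeSec]::ConvertSecurityDescriptorToStringSecurityDescriptorW($sd, 1, $DACL_INFO, [ref]$str, [ref]$len)
        $sddl = if ($ok) { [Runtime.InteropServices.Marshal]::PtrToStringUni($str) } else { $null }
        [void][Win32.PipeSec]::LocalFree($str); [void][Win32.PipeSec]::LocalFree($sd)
        return $sddl
    } finally { [void][Win32.PipeSec]::CloseHandle($h) }
}

# True for a NULL DACL (everyone gets full access) or an allow ACE for a broad SID with a write bit.
function Test-BroadWriteAccess([string]$Sddl) {
    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor $Sddl
    if ($null -eq $sd.DiscretionaryAcl) { return $true }
    foreach ($ace in $sd.DiscretionaryAcl) {
        if ($ace.AceType -ne [System.Security.AccessControl.AceType]::AccessAllowed) { continue }
        if (($BroadSids -contains $ace.SecurityIdentifier.Value) -and ($ace.AccessMask -band $WriteMask)) { return $true }
    }
    return $false
}

foreach ($pipe in [System.IO.Directory]::GetFiles('\\.\pipe\')) {
    $sddl = Get-PipeSddl $pipe
    if ($sddl -and (Test-BroadWriteAccess $sddl)) { '{0}  {1}' -f $pipe, $sddl }
}
```

Opening a pipe handle, even with READ_CONTROL only, still connects one client instance, so pipes that are busy or refuse the open are skipped rather than reported.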

Issues
  • Added a COM version that can be invoked from VBS and used for DCOM lateral movement

    Calling the COM ProgID SystemGapCOM.SystemGapObject creates a SystemGap whose pipe is anonymously readable and writable.

    [Guid("793586dd-ce44-432f-a5e8-358791e99e1d")]
    interface ISystemGapObject
    {
       /* Methods */
       void Create();
    }
    
    
    opened by Rvn0xsy 0
Releases (v0.0.4)
Owner
倾旋
Security Enthusiast and Developer