CVE-2021-1732 Microsoft Windows 10 local privilege escalation vulnerability: research and PoC/Exploit development

CVE-2021-1732

Affected systems and application versions
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows Server, version 1909 (Server Core installation)
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1803 for x64-based Systems

Exploit attack result screenshot
