This repository contains a personal collection of Windows CVE I have turned in
to exploit source, as well as a collection of payloads I've written to be used
in conjunction with these exploits. Some of these CVE have been joined together
in exploit chains for RCE, sandbox escapes and privilege escalation.
In order to use any of these exploits, clone this entire repository to your
local machine and either execute the .html files directly in your browser after
mounting the cloned folder to the E:\ drive, or run "python -m http.server" on
the main/parent folder and execute the .html files from localhost.
Notably, all of the exploits in this repository are referencing the shellcodes
in the Payloads folder. You can modify these payload references to dynamically
select your own shellcode on a per-exploit (or per-chain) basis.
A personal collection of Windows CVE I have turned in to exploit source, as well as a collection of payloads I've written to be used in conjunction with these exploits.
Overview
You might also like...
Exploit for CVE-2021-30807
Write up is here: https://jsherman212.github.io/2021/11/28/popping_ios14_with_iomfb.html Exploit for CVE-2021-30807. If you really want to build a jai
125 Dec 25, 2022
Exploit for CVE-2021-40449 - Win32k Elevation of Privilege Vulnerability (LPE)
CallbackHell Exploit for CVE-2021-40449 (Win32k - LPE) CallbackHell Description Technical Writeup PoC References Description CVE-2021-40449 is a use-a
437 Dec 31, 2022
Gex is an iOS 14.7 jailbreak using CVE-2021-30807 IOMFB exploit
Gex is an iOS 14.7 jailbreak using CVE-2021-30807 IOMFB exploit rest of this readme is from jsherman212's exploit repo and probably stuff that is abou
5 Apr 19, 2022
Linux system service bug gives root on all major distros, exploit published A vulnerability in the pkexec component of Polkit identified as CVE-2021-4034 PwnKit is present in the default configuration of all major Linux distributions and can be exploited to gain privileges over the compj researchers.
CVE-2021-4034 Exploit Usage $ git clone https://github.com/Anonymous-Family/CVE-2021-4034.git $ cd CVE-2021-4034 $ make [!] CVE-2021-4034 Exploit By w
2 Jan 26, 2022
This repository contains an exploit of CVE-2021-4034, a local privilege escalation in pkexec
pwnkit (CVE-2021-4034) Privilege Escalation exploit sample This repository contains an exploit of CVE-2021-4034, a local privilege escalation in pkexe
29 Dec 20, 2022
Self-contained exploit for CVE-2021-4034 - Pkexec Local Privilege Escalation
PwnKit Self-contained exploit for CVE-2021-4034 - Pkexec Local Privilege Escalation Usage Should work out of the box on Linux distributions based on U
702 Dec 28, 2022
CVE-2021-4034 One day for the polkit privilege escalation exploit
CVE-2021-4034 One day for the polkit privilege escalation exploit Just execute make, ./cve-2021-4034 and enjoy your root shell. The original advisory
1.7k Jan 3, 2023
An exploit for CVE-2021-4034 aka Pwnkit: Local Privilege Escalation in polkit's pkexec
CVE-2021-4034 Exploit Usage $ git clone https://github.com/whokilleddb/CVE-2021-4034 $ cd CVE-2021-4034 $ make [!] CVE-2021-4034 Exploit By whokilledd
3 Jun 30, 2022
desc_race exploit for iOS 15.0 - 15.1.1 (with stable kernel r/w primitives) (CVE-2021-30955)
desc_race "desc_race" (CVE-2021-30955) exploit for iOS 15.0 - 15.1.1 (with stable kernel r/w primitives) Tested to work on iPhone13,2 running iOS 15.1
8 Nov 15, 2022
This repo contains demo exploits for CVE-2022-0185. There are two versions here.
CVE-2022-0185 This repo contains demo exploits for CVE-2022-0185. There are two versions here. The non-kctf version (fuse version) specifically target
348 Dec 24, 2022
My exploit for CVE-2021-40449, a Windows LPE via a UAF in win32kfull!GreResetDCInternal.
CVE-2021-40449 My exploit for CVE-2021-40449, a Windows LPE via a UAF in win32kfull!GreResetDCInternal. short wu along with the UAF vulnerabilty other
32 Nov 29, 2022
A shellcode crypto-packing tool for PoC (used with msfvenom payloads)
crypter A shellcode crypto-packing tool for PoC (used with msfvenom/binary payloads) This tool is for proof of concept only - please use responsibly.
12 Dec 16, 2022
Some hypervisor research notes. There is also a useful exploit template that you can use to verify / falsify any assumptions you may make while auditing code, and for exploit development.
Introduction Over the past few weeks, I've been doing some hypervisor research here and there, with most of my focus being on PCI device emulation cod
130 Nov 18, 2022
A library to develop kernel level Windows payloads for post HVCI era
A library to develop kernel level Windows payloads for post HVCI era
283 Dec 15, 2022
Demo exploit code for CVE-2020-27904, a tfp0 bug.
xattr-oob-swap CVE-2020-27904: a tfp0 bug for macOS 10.15.x and below. Demo exploit code for my talk at BlackHat ASIA 2021. The vulnerability has been
64 Nov 9, 2022
Exploit to SYSTEM for CVE-2021-21551
CVE-2021-21551 Exploit to SYSTEM for CVE-2021-21551 SpoolPrinter Privesc using SeImpersonatePrivileges was made thanks to
237 Dec 14, 2022
a reliable C based exploit for CVE-2021-3560.
CVE-2021-3560 a reliable C based exploit for CVE-2021-3560. Summary: Yestreday i stumbled upon this blog post by Kevin Backhouse (discovered this vuln
34 Jun 21, 2022
Make CVE-2020-0668 exploit work for version < win10 v1903 and version >= win10 v1903
CVE-2020-0668 Made CVE-2020-0668 exploit work for version < win10 v1903 and version >= win10 v1903 Diaghub Exploit (< v1903) powershell exploit works
12 Nov 9, 2022
Exploit for CVE-2021-40449
CVE-2021-40449 More info here: https://kristal-g.github.io/2021/11/05/CVE-2021-40449_POC.html Compiling I did a bit of a hack with the MinHook library
49 Dec 23, 2022