Preface
- This project is a collection of Windows privileges, in addition to not pass the test Exp, Demo GIF map, if the code in the project has your code, you have not labeled the source, please submit your Issues
- If there is an omission of the project, please pleasely add Issues and bring the use of code.
- This project is prioritized by the kernel-related rights vulnerability. If there is a remote command execution in the month, only when the Internet is expuple, it will be updated.
- The reliability of the code is self-verified, and the illness items you have caused are not responsible.
Assist
In the project, the lack of ordinary order documentation, if English is good, friends welcome to submit PR
中文文档 | EnglishDocumentation
Numbered list
SecurityBulletin | Description | OperatingSystem |
---|---|---|
CVE-2021-40444 | Windows IE RCE | Windows 7/8.1/10/2008/2012/2016/2019/2022/Server |
CVE-2021-36934 | Windows Elevation | Windows 10 |
CVE-2021-33739 | Microsoft DWM Core Library Elevation | Windows 10/Server |
CVE-2021-26868 | Windows Graphics Component Elevation | Windows 8.1/10/2012/2016/2019/Server |
CVE-2021-1732 | Windows Win32k | Windows 10/2019/Server |
CVE-2021-1709 | Windows Win32k | Windows 7/8.1/10/2008/2012/2016/2019/Server |
CVE-2020-17087 | Windows Kernel Local Elevation of Privilege | Windows 7/8.1/10/2008/2012/2016/2019/Server |
CVE-2020-16938 | Windows Kernel Information Disclosure | Windows Server |
CVE-2020-16898 | Windows TCP/IP Remote Code Execution | Windows 10/2019/Server |
CVE-2020-1337 | Windows Print Spooler Elevation | Windows 7/8.1/10/2008/2012/2016/2019/Server |
CVE-2020-1313 | Windows Update Orchestrator Service Elevation | Windows 10/Server |
CVE-2020-1066 | .NET Framework Elevation | Windows 7/2008 |
CVE-2020-1054 | Win32k Elevation of Privilege | Windows 7/8.1/10/2008/2012/2016/2019/Server |
CVE-2020-1472 | Netlogon Elevation of Privilege | Windows 2008/2012/2016/2019/Server |
CVE-2020-0668 | Windows Kernel Elevation of Privilege | Windows 7/8.1/10/2008/2012/2016/2019/Serve |
CVE-2020-1015 | Windows Elevation of Privilege | Windows 7/8.1/10/2008/2012/2016/2019/Server |
CVE-2020-0796 | SMBv3 Remote Code Execution | Windows Server |
CVE-2020-0787 | Windows Background Intelligent Transfer Service | Windows 7/8/10/2008/2012/2016/2019 |
CVE-2019-0808 | Win32k Elevation of Privilege | Windows 7/2008 |
CVE-2020-0683 | Windows Installer Elevation of Privilege | Windows 7/8.1/10/2008/2012/2016/2019/Server |
CVE-2019-0623 | Win32k Elevation of Privilege | Windows 7/8.1/10/2008/2012/2016/Serve |
CVE-2019-1458 | Win32k Elevation of Privilege | Windows 7/8/10/2008/2012/2016 |
CVE-2019-1388 | Windows Certificate Dialog Elevation of Privilege | Windows 7/8/2008/2012/2016/2019 |
CVE-2019-0859 | Win32k Elevation of Privilege | Windows 7/8/10/2008/2012/2016/2019 |
CVE-2019-0803 | Win32k Elevation of Privilege | Windows 7/8/10/2008/2012/2016/2019 |
CVE-2018-8639 | Win32k Elevation of Privilege | Windows 7/8/10/2008/2012/2016/2019 |
CVE-2018-8453 | Win32k Elevation of Privilege | Windows 7/8/10/2008/2012/2016/2019 |
CVE-2018-8440 | Windows ALPC Elevation of Privilege | Windows 7/8/10/2008/2012/2016 |
CVE-2018-8120 | Win32k Elevation of Privilege | Windows 7/2008 |
CVE-2018-1038 | Windows Kernel Elevation of Privilege | Windows 7/2008 |
CVE-2018-0743 | Windows Subsystem for Linux Elevation of Privilege | Windows 10/2016 |
CVE-2018-0833 | SMBv3 Null Pointer Dereference Denial of Service | Windows 8/2012 |
CVE-2017-8464 | LNK Remote Code Execution | Windows 7/8/10/2008/2012/2016 |
CVE-2017-0213 | Windows COM Elevation of Privilege | Windows 7/8/10/2008/2012/2016 |
CVE-2017-0143 | Windows Kernel Mode Drivers | Windows 7/8/10/2008/2012/2016/Vista |
CVE-2017-0101 | GDI Palette Objects Local Privilege Escalation | Windows 7/8/10/2008/2012/Vista |
CVE-2016-7255 | Windows Kernel Mode Drivers | Windows 7/8/10/2008/2012/2016/Vista |
CVE-2016-3371 | Windows Kernel Elevation of Privilege | Windows 7/8/10/2008/2012/Vista |
CVE-2016-3309 | Win32k Elevation of Privilege | Windows 7/8/10/2008/2012/Vista |
CVE-2016-3225 | Windows SMB Server Elevation of Privilege | Windows 7/8/10/2008/2012/Vista |
CVE-2016-0099 | Secondary Logon Handle | Windows 7/8/10/2008/2012/Vista |
CVE-2016-0095 | Win32k Elevation of Privilege | Windows 7/8/10/2008/2012/Vista |
CVE-2016-0051 | WebDAV Elevation of Privilege | Windows 7/8/10/2008/2012/Vista |
CVE-2016-0041 | Win32k Memory Corruption Elevation of Privilege | Windows 7/8/10/2008/2012/Vista |
CVE-2015-2546 | Win32k Memory Corruption Elevation of Privilege | Windows 7/8/10/2008/2012/Vista |
CVE-2015-2387 | ATMFD.DLL Memory Corruption | Windows 7/8/2003/2008/2012/Vista/Rt |
CVE-2015-2370 | Windows RPC Elevation of Privilege | Windows 7/8/10/2003/2008/2012/Vista |
CVE-2015-1725 | Win32k Elevation of Privilege | Windows 7/8/10/2003/2008/2012/Vista |
CVE-2015-1701 | Windows Kernel Mode Drivers | Windows 7/2003/2008/Vista |
CVE-2015-0062 | Windows Create Process Elevation of Privilege | Windows 7/8/2008/2012 |
CVE-2015-0057 | Win32k Elevation of Privilege | Windows 7/8/2003/2008/2012/Vista |
CVE-2015-0003 | Win32k Elevation of Privilege | Windows 7/8/2003/2008/2012/Vista |
CVE-2015-0002 | Microsoft Application Compatibility Infrastructure Elevation of Privilege | Windows 7/8/2003/2008/2012 |
CVE-2014-6324 | Kerberos Checksum Vulnerability | Windows 7/8/2003/2008/2012/Vista |
CVE-2014-6321 | Microsoft Schannel Remote Code Execution | Windows 7/8/2003/2008/2012/Vista |
CVE-2014-4113 | Win32k.sys Elevation of Privilege | Windows 7/8/2003/2008/2012/Vista |
CVE-2014-4076 | TCP/IP Elevation of Privilege | Windows 2003 |
CVE-2014-1767 | Ancillary Function Driver Elevation of Privilege | Windows 7/8/2003/2008/2012/Vista |
CVE-2013-5065 | NDProxy.sys | Windows XP/2003 |
CVE-2013-1345 | Kernel Driver | Windows 7/8/2003/2008/2012/Vista/Rt/Xp |
CVE-2013-1332 | DirectX Graphics Kernel Subsystem Double Fetch | Windows 7/8/2003/2008/2012/Vista/Rt |
CVE-2013-0008 | Win32k Improper Message Handling | Windows 7/8/2008/2012/Vista/Rt |
CVE-2012-0217 | Service Bus | Windows 7/2003/2008/Xp |
CVE-2012-0002 | Remote Desktop Protocol | Windows 7/2003/2008/Vista/Xp |
CVE-2011-2005 | Ancillary Function Driver Elevation of Privilege | Windows 2003/Xp |
CVE-2011-1974 | NDISTAPI Elevation of Privilege | Windows 2003/Xp |
CVE-2011-1249 | Ancillary Function Driver Elevation of Privilege | Windows 7/2003/2008/Vista/Xp |
CVE-2011-0045 | Windows Kernel Integer Truncation | Windows Xp |
CVE-2010-4398 | Driver Improper Interaction with Windows Kernel | Windows 7/2003/2008/Vista/Xp |
CVE-2010-3338 | Task Scheduler | Windows 7/2008/Vista |
CVE-2010-2554 | Tracing Registry Key ACL | Windows 7/2008/Vista |
CVE-2010-1897 | Win32k Window Creation | Windows 7/2003/2008/Vista/Xp |
CVE-2010-0270 | SMB Client Transaction | Windows 7/2008 |
CVE-2010-0233 | Windows Kernel Double Free | Windows 2000/2003/2008/Vista/Xp |
CVE-2010-0020 | SMB Pathname Overflow | Windows 7/2000/2003/2008/Vista/Xp |
CVE-2009-2532 | SMBv2 Command Value | Windows 2008/Vista |
CVE-2009-0079 | Windows RPCSS Service Isolation | Windows 2003/Xp |
CVE-2008-4250 | Server Service | Windows 2000/2003/Vista/Xp |
CVE-2008-4037 | SMB Credential Reflection | Windows 2000/2003/2008/Vista/Xp |
CVE-2008-3464 | AFD Kernel Overwrite | Windows 2003/Xp |
CVE-2008-1084 | Win32.sys | Windows 2000/2003/2008/Vista/Xp |
CVE-2006-3439 | Remote Code Execution | Windows 2000/2003/Xp |
CVE-2005-1983 | PnP Service | Windows 2000/Xp |
CVE-2003-0352 | Buffer Overrun In RPC Interface | Windows 2000/2003/Xp/Nt |
-
Test target system
#Windows 7 SP1 X64 ed2k://|file|cn_windows_7_home_premium_with_sp1_x64_dvd_u_676691.iso|3420557312|1A3CF44F3F5E0BE9BBC1A938706A3471|/ #Windows 7 SP1 X86 ed2k://|file|cn_windows_7_home_premium_with_sp1_x86_dvd_u_676770.iso|2653276160|A8E8BD4421174DF34BD14D60750B3CDB|/ #Windows Server 2008 R2 SP1 X64 ed2k://|file|cn_windows_server_2008_r2_standard_enterprise_datacenter_and_web_with_sp1_x64_dvd_617598.iso|3368839168|D282F613A80C2F45FF23B79212A3CF67|/ #Windows Server 2003 R2 SP2 x86 ed2k://|file|cn_win_srv_2003_r2_enterprise_with_sp2_vl_cd1_X13-46432.iso|637917184|284DC0E76945125035B9208B9199E465|/ #Windows Server 2003 R2 SP2 x64 ed2k://|file|cn_win_srv_2003_r2_enterprise_x64_with_sp2_vl_cd1_X13-47314.iso|647686144|107F10D2A7FF12FFF0602FF60602BB37|/ #Windows Server 2008 SP2 x86 ed2k://|file|cn_windows_server_standard_enterprise_and_datacenter_with_sp2_x86_dvd_x15-41045.iso|2190057472|E93B029C442F19024AA9EF8FB02AC90B|/ #Windows Server 2000 SP4 x86 ed2k://|file|ZRMPSEL_CN.iso|402690048|00D1BDA0F057EDB8DA0B29CF5E188788|/ #Windows Server 2003 SP2 x86 thunder://QUFodHRwOi8vcy5zYWZlNS5jb20vV2luZG93c1NlcnZlcjIwMDNTUDJFbnRlcnByaXNlRWRpdGlvbi5pc29aWg== #Windows 8.1 x86 ed2k://|file|cn_windows_8_1_enterprise_x86_dvd_2972257.iso|3050842112|6B60ABF8282F943FE92327463920FB67|/ #Windows 8.1 x64 ed2k://|file|cn_windows_8_1_x64_dvd_2707237.iso|4076017664|839CBE17F3CE8411E8206B92658A91FA|/ #Windows 10 1709 x64 ed2k://|file|cn_windows_10_multi-edition_vl_version_1709_updated_dec_2017_x64_dvd_100406208.iso|5007116288|317BDC520FA2DD6005CBA8293EA06DF6|/ #Windows 10 2004 x64 (2020-05-21 release version) magnet:?xt=urn:btih:8E49569FDE852E4F3CCB3D13EFB296B6B02D82A6 #Windows 10 1909 x64 ed2k://|file|cn_windows_10_business_editions_version_1909_x64_dvd_0ca83907.iso|5275090944|9BCD5FA6C8009E4D0260E4B23008BD47|/
-
Linux compilation environment
sudo vim /etc/apt/sources.list #在sources.list末尾添加deb http://us.archive.ubuntu.com/ubuntu trusty main universe sudo apt-get update sudo apt-get install mingw32 mingw32-binutils mingw32-runtime sudo apt-get install gcc-mingw-w64-i686 g++-mingw-w64-i686 mingw-w64-tools
-
Windows compilation environment
#(.NET download address)https://dotnet.microsoft.com/download/visual-studio-sdks?utm_source=getdotnetsdk&utm_medium=referral VS2019(内置V142、V141、V120、V110、V100、V141_xp、V120_xp、V110_xp、MFC、.NET Framework 4.7.2)
Due to the large content of the project, it is inevitable that there will be some typos or missing CVE numbers. If you find an error, you still hope to submit Issues to help me maintain the project.
No test success number
The following numbers are all CVEs that failed to pass the recurrence test after screening, with reasons for failure, and welcome to submit PR
SecurityBulletin | Remarks |
---|---|
CVE-2021-1709 | January 2021 patch, routine update |
CVE-2020-17087 | Patch in November 2020, only proof of concept, no exploit code |
CVE-2015-0002 | Source code failed to test |
CVE-2015-0062 | Source code and EXP failed to test successfully |
CVE-2015-1725 | Unknown compilation method with source code |
CVE-2016-3309 | Source code and EXP failed to test successfully |
CVE-2014-6321 | Only winshock_test.sh file |
CVE-2019-0859 | Need to install windows7 sp1 x64 Need to update the March 2019 patch |
CVE-2018-8440 | unknown |
CVE-2018-1038 | Unknown compilation method with source code |
CVE-2013-5065 | Lack of NDProxy environment |
CVE-2013-0008 | unknown |
CVE-2009-0079 | Failed to use |
CVE-2011-0045 | Could not find available EXP |
CVE-2010-2554 | Could not find available EXP |
CVE-2005-1983 | Source code and EXP failed to test successfully |
CVE-2012-0002 | Blue screen vulnerabilities have no practical value |
CVE-2010-0020 | Could not find available EXP |
CVE-2014-6324 | unknown |
CVE-2018-0743 | Could not find available EXP |
This project is only oriented to legally authorized corporate safety construction behaviors. When using this project for testing, you should ensure that the behavior complies with local laws and regulations and has obtained sufficient authorization.
If you have any illegal behavior in the process of using this project, you need to bear the corresponding consequences yourself, and we will not bear any legal and joint liabilities.
Before using this project, please read carefully and fully understand the content of each clause. Restrictions, exemption clauses or other clauses involving your major rights and interests may be bolded, underlined, etc. to remind you to pay attention. Unless you have fully read, fully understood and accepted all the terms of this agreement, please do not use this item. Your use behavior or your acceptance of this agreement in any other express or implied manner shall be deemed to have been read and agreed to be bound by this agreement.