Windows Privilege Escalation
*For educational and authorized security research purposes only* Exploit for CVE-2021-1732 (Win32k) - Local Privilege Escalation
Original Exploit Authors
Vulnerability Description
A vulnerability exists within win32k that can be leveraged by an attacker to escalate privileges to those of NT AUTHORITY\SYSTEM. The flaw lies in how the WndExtra field of a window can be manipulated into being treated as an offset despite being populated with an attacker-controlled value. This can be leveraged to achieve an out-of-bounds write, eventually leading to privilege escalation. This flaw was originally identified as CVE-2021-1732 and was patched by Microsoft on February 9th, 2021. In early 2022.
Usage
CVE-2021-1732.exe "the-command"
Options
"the-command": any command supported by the command-line interface (CLI), such as "whoami"
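As an added example (not part of the original exploit or its authors' code), the code below shows how a defender could detect the outcome described under Usage: a command running as NT AUTHORITY\SYSTEM directly beneath a non-elevated user process. It assumes the command is spawned as a child of the exploiting process and that process-creation logs carry the Sysmon Event ID 1 fields used here; the helper names and all sample records are constructed.

```python
# Added example: flag processes running as SYSTEM whose direct parent was a
# non-elevated user process. Field names follow Sysmon Event ID 1.
SYSTEM = r"NT AUTHORITY\SYSTEM"
UNELEVATED = {"Low", "Medium"}

def ev(guid, parent_guid, image, user, integrity):
    """Build one process-creation record (subset of Sysmon Event ID 1 fields)."""
    return {"ProcessGuid": guid, "ParentProcessGuid": parent_guid,
            "Image": image, "User": user, "IntegrityLevel": integrity}

# Constructed sample data: GUIDs, account name and file names are made up.
SAMPLE_EVENTS = [
    ev("g-10", "g-00", r"C:\Windows\System32\services.exe", SYSTEM, "System"),
    ev("g-11", "g-10", r"C:\Windows\System32\svchost.exe", SYSTEM, "System"),
    ev("g-20", "g-01", r"C:\Windows\explorer.exe", r"LAB\alice", "Medium"),
    ev("g-21", "g-20", r"C:\Windows\System32\cmd.exe", r"LAB\alice", "Medium"),
    ev("g-22", "g-21", r"C:\Users\alice\Downloads\sample.exe", r"LAB\alice", "Medium"),
    ev("g-23", "g-22", r"C:\Windows\System32\cmd.exe", SYSTEM, "System"),
    ev("g-24", "g-23", r"C:\Windows\System32\whoami.exe", SYSTEM, "System"),
]

def is_system(user):
    return user.casefold() == SYSTEM.casefold()

def find_suspicious_system_children(events):
    """Return (parent, child) pairs where a SYSTEM process has an unelevated user parent."""
    by_guid = {e["ProcessGuid"]: e for e in events}
    findings = []
    for child in events:
        if not is_system(child["User"]):
            continue
        parent = by_guid.get(child["ParentProcessGuid"])
        if parent is None:
            continue  # parent started before logging began; cannot judge
        # Legitimate SYSTEM processes descend from SYSTEM parents (services.exe etc.).
        # A Low/Medium-integrity user process should never be the direct parent
        # of a SYSTEM process, so this edge marks the point of escalation.
        if not is_system(parent["User"]) and parent["IntegrityLevel"] in UNELEVATED:
            findings.append((parent, child))
    return findings

if __name__ == "__main__":
    for parent, child in find_suspicious_system_children(SAMPLE_EVENTS):
        print(f"ALERT {parent['User']} ({parent['IntegrityLevel']}) "
              f"{parent['Image']} -> {child['Image']} as {child['User']}")
```

Only the boundary edge is reported: processes further down the tree have a SYSTEM parent and are reached by following the flagged child's ProcessGuid.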
Exploit Requirements
- Command Prompt
- Process Hacker
Demo
Tested On
- Windows 10 Version 2004
Affected Windows Versions:
- Windows Server, version 20H2 (Server Core Installation)
- Windows 10 Version 20H2
- Windows Server, version 2004 (Server Core installation)
- Windows 10 Version 2004
- Windows Server, version 1909 (Server Core installation)
- Windows 10 Version 1909
- Windows Server 2019 (Server Core installation)
- Windows Server 2019
- Windows 10 Version 1809