/Kernelhub

:palm_tree:Windows Kernel privilege escalation vulnerability collection, with compilation environment, demo GIF map, vulnerability details, executable file (Windows提权漏洞合集)

Primary LanguageCGNU Affero General Public License v3.0AGPL-3.0

Welcome to Kernelhub

Release Release Release Release Release Release

Preface

  • This project is a collection of Windows privileges, in addition to not pass the test Exp, Demo GIF map, if the code in the project has your code, you have not labeled the source, please submit your Issues
  • If there is an omission of the project, please pleasely add Issues and bring the use of code.
  • This project is prioritized by the kernel-related rights vulnerability. If there is a remote command execution in the month, only when the Internet is expuple, it will be updated.
  • The reliability of the code is self-verified, and the illness items you have caused are not responsible.

Assist

In the project, the lack of ordinary order documentation, if English is good, friends welcome to submit PR

中文文档 | EnglishDocumentation

Numbered list

SecurityBulletin Description OperatingSystem
CVE-2021-40449 Windows Win32k Windows 7/8.1/10/11/2008/2012/2016/2019/2022/Server
CVE-2021-40444 Windows IE RCE Windows 7/8.1/10/2008/2012/2016/2019/2022/Server
CVE-2021-36934 Windows Elevation Windows 10
CVE-2021-33739 Microsoft DWM Core Library Elevation Windows 10/Server
CVE-2021-26868 Windows Graphics Component Elevation Windows 8.1/10/2012/2016/2019/Server
CVE-2021-1732 Windows Win32k Windows 10/2019/Server
CVE-2021-1709 Windows Win32k Windows 7/8.1/10/2008/2012/2016/2019/Server
CVE-2020-17087 Windows Kernel Local Elevation of Privilege Windows 7/8.1/10/2008/2012/2016/2019/Server
CVE-2020-16938 Windows Kernel Information Disclosure Windows Server
CVE-2020-16898 Windows TCP/IP Remote Code Execution Windows 10/2019/Server
CVE-2020-1337 Windows Print Spooler Elevation Windows 7/8.1/10/2008/2012/2016/2019/Server
CVE-2020-1313 Windows Update Orchestrator Service Elevation Windows 10/Server
CVE-2020-1066 .NET Framework Elevation Windows 7/2008
CVE-2020-1054 Win32k Elevation of Privilege Windows 7/8.1/10/2008/2012/2016/2019/Server
CVE-2020-1472 Netlogon Elevation of Privilege Windows 2008/2012/2016/2019/Server
CVE-2020-0668 Windows Kernel Elevation of Privilege Windows 7/8.1/10/2008/2012/2016/2019/Serve
CVE-2020-1015 Windows Elevation of Privilege Windows 7/8.1/10/2008/2012/2016/2019/Server
CVE-2020-0796 SMBv3 Remote Code Execution Windows Server
CVE-2020-0787 Windows Background Intelligent Transfer Service Windows 7/8/10/2008/2012/2016/2019
CVE-2019-0808 Win32k Elevation of Privilege Windows 7/2008
CVE-2020-0683 Windows Installer Elevation of Privilege Windows 7/8.1/10/2008/2012/2016/2019/Server
CVE-2019-0623 Win32k Elevation of Privilege Windows 7/8.1/10/2008/2012/2016/Serve
CVE-2019-1458 Win32k Elevation of Privilege Windows 7/8/10/2008/2012/2016
CVE-2019-1388 Windows Certificate Dialog Elevation of Privilege Windows 7/8/2008/2012/2016/2019
CVE-2019-0859 Win32k Elevation of Privilege Windows 7/8/10/2008/2012/2016/2019
CVE-2019-0803 Win32k Elevation of Privilege Windows 7/8/10/2008/2012/2016/2019
CVE-2018-8639 Win32k Elevation of Privilege Windows 7/8/10/2008/2012/2016/2019
CVE-2018-8453 Win32k Elevation of Privilege Windows 7/8/10/2008/2012/2016/2019
CVE-2018-8440 Windows ALPC Elevation of Privilege Windows 7/8/10/2008/2012/2016
CVE-2018-8120 Win32k Elevation of Privilege Windows 7/2008
CVE-2018-1038 Windows Kernel Elevation of Privilege Windows 7/2008
CVE-2018-0743 Windows Subsystem for Linux Elevation of Privilege Windows 10/2016
CVE-2018-0833 SMBv3 Null Pointer Dereference Denial of Service Windows 8/2012
CVE-2017-8464 LNK Remote Code Execution Windows 7/8/10/2008/2012/2016
CVE-2017-0213 Windows COM Elevation of Privilege Windows 7/8/10/2008/2012/2016
CVE-2017-0143 Windows Kernel Mode Drivers Windows 7/8/10/2008/2012/2016/Vista
CVE-2017-0101 GDI Palette Objects Local Privilege Escalation Windows 7/8/10/2008/2012/Vista
CVE-2016-7255 Windows Kernel Mode Drivers Windows 7/8/10/2008/2012/2016/Vista
CVE-2016-3371 Windows Kernel Elevation of Privilege Windows 7/8/10/2008/2012/Vista
CVE-2016-3309 Win32k Elevation of Privilege Windows 7/8/10/2008/2012/Vista
CVE-2016-3225 Windows SMB Server Elevation of Privilege Windows 7/8/10/2008/2012/Vista
CVE-2016-0099 Secondary Logon Handle Windows 7/8/10/2008/2012/Vista
CVE-2016-0095 Win32k Elevation of Privilege Windows 7/8/10/2008/2012/Vista
CVE-2016-0051 WebDAV Elevation of Privilege Windows 7/8/10/2008/2012/Vista
CVE-2016-0041 Win32k Memory Corruption Elevation of Privilege Windows 7/8/10/2008/2012/Vista
CVE-2015-2546 Win32k Memory Corruption Elevation of Privilege Windows 7/8/10/2008/2012/Vista
CVE-2015-2387 ATMFD.DLL Memory Corruption Windows 7/8/2003/2008/2012/Vista/Rt
CVE-2015-2370 Windows RPC Elevation of Privilege Windows 7/8/10/2003/2008/2012/Vista
CVE-2015-1725 Win32k Elevation of Privilege Windows 7/8/10/2003/2008/2012/Vista
CVE-2015-1701 Windows Kernel Mode Drivers Windows 7/2003/2008/Vista
CVE-2015-0062 Windows Create Process Elevation of Privilege Windows 7/8/2008/2012
CVE-2015-0057 Win32k Elevation of Privilege Windows 7/8/2003/2008/2012/Vista
CVE-2015-0003 Win32k Elevation of Privilege Windows 7/8/2003/2008/2012/Vista
CVE-2015-0002 Microsoft Application Compatibility Infrastructure Elevation of Privilege Windows 7/8/2003/2008/2012
CVE-2014-6324 Kerberos Checksum Vulnerability Windows 7/8/2003/2008/2012/Vista
CVE-2014-6321 Microsoft Schannel Remote Code Execution Windows 7/8/2003/2008/2012/Vista
CVE-2014-4113 Win32k.sys Elevation of Privilege Windows 7/8/2003/2008/2012/Vista
CVE-2014-4076 TCP/IP Elevation of Privilege Windows 2003
CVE-2014-1767 Ancillary Function Driver Elevation of Privilege Windows 7/8/2003/2008/2012/Vista
CVE-2013-5065 NDProxy.sys Windows XP/2003
CVE-2013-1345 Kernel Driver Windows 7/8/2003/2008/2012/Vista/Rt/Xp
CVE-2013-1332 DirectX Graphics Kernel Subsystem Double Fetch Windows 7/8/2003/2008/2012/Vista/Rt
CVE-2013-0008 Win32k Improper Message Handling Windows 7/8/2008/2012/Vista/Rt
CVE-2012-0217 Service Bus Windows 7/2003/2008/Xp
CVE-2012-0002 Remote Desktop Protocol Windows 7/2003/2008/Vista/Xp
CVE-2011-2005 Ancillary Function Driver Elevation of Privilege Windows 2003/Xp
CVE-2011-1974 NDISTAPI Elevation of Privilege Windows 2003/Xp
CVE-2011-1249 Ancillary Function Driver Elevation of Privilege Windows 7/2003/2008/Vista/Xp
CVE-2011-0045 Windows Kernel Integer Truncation Windows Xp
CVE-2010-4398 Driver Improper Interaction with Windows Kernel Windows 7/2003/2008/Vista/Xp
CVE-2010-3338 Task Scheduler Windows 7/2008/Vista
CVE-2010-2554 Tracing Registry Key ACL Windows 7/2008/Vista
CVE-2010-1897 Win32k Window Creation Windows 7/2003/2008/Vista/Xp
CVE-2010-0270 SMB Client Transaction Windows 7/2008
CVE-2010-0233 Windows Kernel Double Free Windows 2000/2003/2008/Vista/Xp
CVE-2010-0020 SMB Pathname Overflow Windows 7/2000/2003/2008/Vista/Xp
CVE-2009-2532 SMBv2 Command Value Windows 2008/Vista
CVE-2009-0079 Windows RPCSS Service Isolation Windows 2003/Xp
CVE-2008-4250 Server Service Windows 2000/2003/Vista/Xp
CVE-2008-4037 SMB Credential Reflection Windows 2000/2003/2008/Vista/Xp
CVE-2008-3464 AFD Kernel Overwrite Windows 2003/Xp
CVE-2008-1084 Win32.sys Windows 2000/2003/2008/Vista/Xp
CVE-2006-3439 Remote Code Execution Windows 2000/2003/Xp
CVE-2005-1983 PnP Service Windows 2000/Xp
CVE-2003-0352 Buffer Overrun In RPC Interface Windows 2000/2003/Xp/Nt

Required environment

  • Test target system

    #Windows 7 SP1 X64 
    ed2k://|file|cn_windows_7_home_premium_with_sp1_x64_dvd_u_676691.iso|3420557312|1A3CF44F3F5E0BE9BBC1A938706A3471|/
    #Windows 7 SP1 X86
    ed2k://|file|cn_windows_7_home_premium_with_sp1_x86_dvd_u_676770.iso|2653276160|A8E8BD4421174DF34BD14D60750B3CDB|/
    #Windows Server 2008 R2 SP1 X64 
    ed2k://|file|cn_windows_server_2008_r2_standard_enterprise_datacenter_and_web_with_sp1_x64_dvd_617598.iso|3368839168|D282F613A80C2F45FF23B79212A3CF67|/
    #Windows Server 2003 R2 SP2 x86
    ed2k://|file|cn_win_srv_2003_r2_enterprise_with_sp2_vl_cd1_X13-46432.iso|637917184|284DC0E76945125035B9208B9199E465|/
    #Windows Server 2003 R2 SP2 x64
    ed2k://|file|cn_win_srv_2003_r2_enterprise_x64_with_sp2_vl_cd1_X13-47314.iso|647686144|107F10D2A7FF12FFF0602FF60602BB37|/
    #Windows Server 2008 SP2 x86
    ed2k://|file|cn_windows_server_standard_enterprise_and_datacenter_with_sp2_x86_dvd_x15-41045.iso|2190057472|E93B029C442F19024AA9EF8FB02AC90B|/
    #Windows Server 2000 SP4 x86
    ed2k://|file|ZRMPSEL_CN.iso|402690048|00D1BDA0F057EDB8DA0B29CF5E188788|/
    #Windows Server 2003 SP2 x86
    thunder://QUFodHRwOi8vcy5zYWZlNS5jb20vV2luZG93c1NlcnZlcjIwMDNTUDJFbnRlcnByaXNlRWRpdGlvbi5pc29aWg==
    #Windows 8.1 x86
    ed2k://|file|cn_windows_8_1_enterprise_x86_dvd_2972257.iso|3050842112|6B60ABF8282F943FE92327463920FB67|/
    #Windows 8.1 x64
    ed2k://|file|cn_windows_8_1_x64_dvd_2707237.iso|4076017664|839CBE17F3CE8411E8206B92658A91FA|/
    #Windows 10 1709 x64
    ed2k://|file|cn_windows_10_multi-edition_vl_version_1709_updated_dec_2017_x64_dvd_100406208.iso|5007116288|317BDC520FA2DD6005CBA8293EA06DF6|/
    #Windows 10 2004 x64 (2020-05-21 release version)
    magnet:?xt=urn:btih:8E49569FDE852E4F3CCB3D13EFB296B6B02D82A6
    #Windows 10 1909 x64 
    ed2k://|file|cn_windows_10_business_editions_version_1909_x64_dvd_0ca83907.iso|5275090944|9BCD5FA6C8009E4D0260E4B23008BD47|/
    #Windows 10 1607 x64 (Updated Jul 2016)
    ed2k://|file|cn_windows_10_multiple_editions_version_1607_updated_jul_2016_x64_dvd_9056935.iso|4347183104|35EA5DB0F3BB714F5CE0740FB89D82D1|/
    #Windows 10 1903 x64
    ed2k://|file|cn_windows_10_business_editions_version_1903_x64_dvd_e001dd2c.iso|4815527936|47D4C57E638DF8BF74C59261E2CE702D|/
  • Linux compilation environment

    sudo vim /etc/apt/sources.list
    #在sources.list末尾添加deb http://us.archive.ubuntu.com/ubuntu trusty main universe
    sudo apt-get update
    sudo apt-get install mingw32 mingw32-binutils mingw32-runtime
    sudo apt-get install gcc-mingw-w64-i686 g++-mingw-w64-i686 mingw-w64-tools
  • Windows compilation environment

    #(.NET download address)https://dotnet.microsoft.com/download/visual-studio-sdks?utm_source=getdotnetsdk&utm_medium=referral
    VS2019(内置V142、V141、V120、V110、V100、V141_xp、V120_xp、V110_xp、MFC、.NET Framework 4.7.2)

About the error

Due to the large content of the project, it is inevitable that there will be some typos or missing CVE numbers. If you find an error, you still hope to submit Issues to help me maintain the project.

No test success number

The following numbers are all CVEs that failed to pass the recurrence test after screening, with reasons for failure, and welcome to submit PR

SecurityBulletin Remarks
CVE-2021-1709 January 2021 patch, routine update
CVE-2020-17087 Patch in November 2020, only proof of concept, no exploit code
CVE-2015-0002 Source code failed to test
CVE-2015-0062 Source code and EXP failed to test successfully
CVE-2015-1725 Unknown compilation method with source code
CVE-2016-3309 Source code and EXP failed to test successfully
CVE-2014-6321 Only winshock_test.sh file
CVE-2019-0859 Need to install windows7 sp1 x64 Need to update the March 2019 patch
CVE-2018-8440 unknown
CVE-2018-1038 Unknown compilation method with source code
CVE-2013-5065 Lack of NDProxy environment
CVE-2013-0008 unknown
CVE-2009-0079 Failed to use
CVE-2011-0045 Could not find available EXP
CVE-2010-2554 Could not find available EXP
CVE-2005-1983 Source code and EXP failed to test successfully
CVE-2012-0002 Blue screen vulnerabilities have no practical value
CVE-2010-0020 Could not find available EXP
CVE-2014-6324 unknown
CVE-2018-0743 Could not find available EXP

Disclaimer

This project is only oriented to legally authorized corporate safety construction behaviors. When using this project for testing, you should ensure that the behavior complies with local laws and regulations and has obtained sufficient authorization.

If you have any illegal behavior in the process of using this project, you need to bear the corresponding consequences yourself, and we will not bear any legal and joint liabilities.

Before using this project, please read carefully and fully understand the content of each clause. Restrictions, exemption clauses or other clauses involving your major rights and interests may be bolded, underlined, etc. to remind you to pay attention. Unless you have fully read, fully understood and accepted all the terms of this agreement, please do not use this item. Your use behavior or your acceptance of this agreement in any other express or implied manner shall be deemed to have been read and agreed to be bound by this agreement.

Reference project & website