All Projects → Ascotbe → Kernelhub

Ascotbe / Kernelhub

Licence: agpl-3.0
🌴Windows Kernel privilege escalation vulnerability collection, with compilation environment, demo GIF map, vulnerability details, executable file

Programming Languages

c
50402 projects - #5 most used programming language

Projects that are alternatives of or similar to Kernelhub

Exploits
Exploits by 1N3 @CrowdShield @xer0dayz @XeroSecurity
Stars: ✭ 154 (-84.16%)
Mutual labels:  cve, exploits
Awesome Csirt
Awesome CSIRT is an curated list of links and resources in security and CSIRT daily activities.
Stars: ✭ 132 (-86.42%)
Mutual labels:  cve, exploits
Sudo killer
A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.
Stars: ✭ 1,073 (+10.39%)
Mutual labels:  cve, exploits
Java Deserialization Exploits
A collection of curated Java Deserialization Exploits
Stars: ✭ 521 (-46.4%)
Mutual labels:  cve, exploits
exploits
Some personal exploits/pocs
Stars: ✭ 52 (-94.65%)
Mutual labels:  exploits, cve
Exploits
Containing Self Made Perl Reproducers / PoC Codes
Stars: ✭ 160 (-83.54%)
Mutual labels:  cve, exploits
Patrowlhears
PatrowlHears - Vulnerability Intelligence Center / Exploits
Stars: ✭ 89 (-90.84%)
Mutual labels:  cve, exploits
CVE-2019-8449
CVE-2019-8449 Exploit for Jira v2.1 - v8.3.4
Stars: ✭ 66 (-93.21%)
Mutual labels:  exploits, cve
CVE-Stockpile
Master list of all my vulnerability discoveries. Mostly 3rd party kernel drivers.
Stars: ✭ 41 (-95.78%)
Mutual labels:  exploits, cve
Vfeed
The Correlated CVE Vulnerability And Threat Intelligence Database API
Stars: ✭ 826 (-15.02%)
Mutual labels:  cve, exploits
Kernelpop
kernel privilege escalation enumeration and exploitation framework
Stars: ✭ 628 (-35.39%)
Mutual labels:  exploits
Windowsexploitationresources
Resources for Windows exploit development
Stars: ✭ 631 (-35.08%)
Mutual labels:  cve
Wordpress Exploit Framework
A Ruby framework designed to aid in the penetration testing of WordPress systems.
Stars: ✭ 882 (-9.26%)
Mutual labels:  exploits
Exploitrainings
Exploitation on different architectures (x86, x64, arm, mips, avr)
Stars: ✭ 29 (-97.02%)
Mutual labels:  exploits
Herpaderping
Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.
Stars: ✭ 614 (-36.83%)
Mutual labels:  exploits
Featherduster
An automated, modular cryptanalysis tool; i.e., a Weapon of Math Destruction
Stars: ✭ 876 (-9.88%)
Mutual labels:  exploits
Routeros
RouterOS Security Research Tooling and Proof of Concepts
Stars: ✭ 603 (-37.96%)
Mutual labels:  exploits
Esfileexploreropenportvuln
ES File Explorer Open Port Vulnerability - CVE-2019-6447
Stars: ✭ 595 (-38.79%)
Mutual labels:  cve
Uxss Db
🔪Browser logic vulnerabilities ☠️
Stars: ✭ 565 (-41.87%)
Mutual labels:  cve
Cve 2020 15906
Writeup of CVE-2020-15906
Stars: ✭ 39 (-95.99%)
Mutual labels:  cve

Welcome to Kernelhub

Release Release Release Release

Preface

This project is a Windows privilege collection project. Except for failing the test EXP, there are detailed instructions and demonstration GIF pictures. If the code in the project has your code, please submit Issues if you are the source of the mark.

Prompt

This project prioritizes tracking of kernel-related privilege escalation vulnerabilities. If there is a remote command execution for the vulnerability in the current month, it will only be updated when the Internet is in EXP or POC. If there is any omission, please mention Issues and bring the exploit code.

中文文档 | EnglishDocumentation

Numbered list

SecurityBulletin Description OperatingSystem
CVE-2021-1732 Windows Win32k Windows 10/2019/Server
CVE-2021-1709 Windows Win32k Windows 7/8.1/10/2008/2012/2016/2019/Server
CVE-2020-17087 Windows Kernel Local Elevation of Privilege Vulnerability Windows 7/8.1/10/2008/2012/2016/2019/Server
CVE-2020-16938 Windows Kernel Information Disclosure Vulnerability Windows Server
CVE-2020-16898 Windows TCP/IP Remote Code Execution Vulnerability Windows 10/2019/Server
CVE-2020-1472 Netlogon Elevation of Privilege Windows 2008/2012/2016/2019/Server
CVE-2020-0796 SMBv3 Remote Code Execution Windows Server
CVE-2020-0787 Windows Background Intelligent Transfer Service Windows 7/8/10/2008/2012/2016/2019
CVE-2019-1458 Win32k Elevation of Privilege Windows 7/8/10/2008/2012/2016
CVE-2019-1388 Windows Certificate Dialog Elevation of Privilege Windows 7/8/2008/2012/2016/2019
CVE-2019-0859 Win32k Elevation of Privilege Windows 7/8/10/2008/2012/2016/2019
CVE-2019-0803 Win32k Elevation of Privilege Windows 7/8/10/2008/2012/2016/2019
CVE-2018-8639 Win32k Elevation of Privilege Windows 7/8/10/2008/2012/2016/2019
CVE-2018-8453 Win32k Elevation of Privilege Windows 7/8/10/2008/2012/2016/2019
CVE-2018-8440 Windows ALPC Elevation of Privilege Windows 7/8/10/2008/2012/2016
CVE-2018-8120 Win32k Elevation of Privilege Windows 7/2008
CVE-2018-1038 Windows Kernel Elevation of Privilege Windows 7/2008
CVE-2018-0743 Windows Subsystem for Linux Elevation of Privilege Windows 10/2016
CVE-2018-0833 SMBv3 Null Pointer Dereference Denial of Service Windows 8/2012
CVE-2017-8464 LNK Remote Code Execution Windows 7/8/10/2008/2012/2016
CVE-2017-0213 Windows COM Elevation of Privilege Windows 7/8/10/2008/2012/2016
CVE-2017-0143 Windows Kernel Mode Drivers Windows 7/8/10/2008/2012/2016/Vista
CVE-2017-0101 GDI Palette Objects Local Privilege Escalation Windows 7/8/10/2008/2012/Vista
CVE-2016-7255 Windows Kernel Mode Drivers Windows 7/8/10/2008/2012/2016/Vista
CVE-2016-3371 Windows Kernel Elevation of Privilege Windows 7/8/10/2008/2012/Vista
CVE-2016-3309 Win32k Elevation of Privilege Windows 7/8/10/2008/2012/Vista
CVE-2016-3225 Windows SMB Server Elevation of Privilege Windows 7/8/10/2008/2012/Vista
CVE-2016-0099 Secondary Logon Handle Windows 7/8/10/2008/2012/Vista
CVE-2016-0095 Win32k Elevation of Privilege Windows 7/8/10/2008/2012/Vista
CVE-2016-0051 WebDAV Elevation of Privilege Windows 7/8/10/2008/2012/Vista
CVE-2016-0041 Win32k Memory Corruption Elevation of Privilege Windows 7/8/10/2008/2012/Vista
CVE-2015-2546 Win32k Memory Corruption Elevation of Privilege Windows 7/8/10/2008/2012/Vista
CVE-2015-2387 ATMFD.DLL Memory Corruption Windows 7/8/2003/2008/2012/Vista/Rt
CVE-2015-2370 Windows RPC Elevation of Privilege Windows 7/8/10/2003/2008/2012/Vista
CVE-2015-1725 Win32k Elevation of Privilege Windows 7/8/10/2003/2008/2012/Vista
CVE-2015-1701 Windows Kernel Mode Drivers Windows 7/2003/2008/Vista
CVE-2015-0062 Windows Create Process Elevation of Privilege Windows 7/8/2008/2012
CVE-2015-0057 Win32k Elevation of Privilege Windows 7/8/2003/2008/2012/Vista
CVE-2015-0003 Win32k Elevation of Privilege Windows 7/8/2003/2008/2012/Vista
CVE-2015-0002 Microsoft Application Compatibility Infrastructure Elevation of Privilege Windows 7/8/2003/2008/2012
CVE-2014-6324 Kerberos Checksum Vulnerability Windows 7/8/2003/2008/2012/Vista
CVE-2014-6321 Microsoft Schannel Remote Code Execution Windows 7/8/2003/2008/2012/Vista
CVE-2014-4113 Win32k.sys Elevation of Privilege Windows 7/8/2003/2008/2012/Vista
CVE-2014-4076 TCP/IP Elevation of Privilege Windows 2003
CVE-2014-1767 Ancillary Function Driver Elevation of Privilege Windows 7/8/2003/2008/2012/Vista
CVE-2013-5065 NDProxy.sys Windows XP/2003
CVE-2013-1345 Kernel Driver Windows 7/8/2003/2008/2012/Vista/Rt/Xp
CVE-2013-1332 DirectX Graphics Kernel Subsystem Double Fetch Windows 7/8/2003/2008/2012/Vista/Rt
CVE-2013-0008 Win32k Improper Message Handling Windows 7/8/2008/2012/Vista/Rt
CVE-2012-0217 Service Bus Windows 7/2003/2008/Xp
CVE-2012-0002 Remote Desktop Protocol Windows 7/2003/2008/Vista/Xp
CVE-2011-2005 Ancillary Function Driver Elevation of Privilege Windows 2003/Xp
CVE-2011-1974 NDISTAPI Elevation of Privilege Windows 2003/Xp
CVE-2011-1249 Ancillary Function Driver Elevation of Privilege Windows 7/2003/2008/Vista/Xp
CVE-2011-0045 Windows Kernel Integer Truncation Windows Xp
CVE-2010-4398 Driver Improper Interaction with Windows Kernel Windows 7/2003/2008/Vista/Xp
CVE-2010-3338 Task Scheduler Windows 7/2008/Vista
CVE-2010-2554 Tracing Registry Key ACL Windows 7/2008/Vista
CVE-2010-1897 Win32k Window Creation Windows 7/2003/2008/Vista/Xp
CVE-2010-0270 SMB Client Transaction Windows 7/2008
CVE-2010-0233 Windows Kernel Double Free Windows 2000/2003/2008/Vista/Xp
CVE-2010-0020 SMB Pathname Overflow Windows 7/2000/2003/2008/Vista/Xp
CVE-2009-2532 SMBv2 Command Value Windows 2008/Vista
CVE-2009-0079 Windows RPCSS Service Isolation Windows 2003/Xp
CVE-2008-4250 Server Service Windows 2000/2003/Vista/Xp
CVE-2008-4037 SMB Credential Reflection Windows 2000/2003/2008/Vista/Xp
CVE-2008-3464 AFD Kernel Overwrite Windows 2003/Xp
CVE-2008-1084 Win32.sys Windows 2000/2003/2008/Vista/Xp
CVE-2006-3439 Remote Code Execution Windows 2000/2003/Xp
CVE-2005-1983 PnP Service Windows 2000/Xp
CVE-2003-0352 Buffer Overrun In RPC Interface Windows 2000/2003/Xp/Nt

Required environment

  • Test target system

    #Windows 7 SP1 X64 
    ed2k://|file|cn_windows_7_home_premium_with_sp1_x64_dvd_u_676691.iso|3420557312|1A3CF44F3F5E0BE9BBC1A938706A3471|/
    #Windows 7 SP1 X86
    ed2k://|file|cn_windows_7_home_premium_with_sp1_x86_dvd_u_676770.iso|2653276160|A8E8BD4421174DF34BD14D60750B3CDB|/
    #Windows Server 2008 R2 SP1 X64 
    ed2k://|file|cn_windows_server_2008_r2_standard_enterprise_datacenter_and_web_with_sp1_x64_dvd_617598.iso|3368839168|D282F613A80C2F45FF23B79212A3CF67|/
    #Windows Server 2003 R2 SP2 x86
    ed2k://|file|cn_win_srv_2003_r2_enterprise_with_sp2_vl_cd1_X13-46432.iso|637917184|284DC0E76945125035B9208B9199E465|/
    #Windows Server 2003 R2 SP2 x64
    ed2k://|file|cn_win_srv_2003_r2_enterprise_x64_with_sp2_vl_cd1_X13-47314.iso|647686144|107F10D2A7FF12FFF0602FF60602BB37|/
    #Windows Server 2008 SP2 x86
    ed2k://|file|cn_windows_server_standard_enterprise_and_datacenter_with_sp2_x86_dvd_x15-41045.iso|2190057472|E93B029C442F19024AA9EF8FB02AC90B|/
    #Windows Server 2000 SP4 x86
    ed2k://|file|ZRMPSEL_CN.iso|402690048|00D1BDA0F057EDB8DA0B29CF5E188788|/
    #Windows Server 2003 SP2 x86
    thunder://QUFodHRwOi8vcy5zYWZlNS5jb20vV2luZG93c1NlcnZlcjIwMDNTUDJFbnRlcnByaXNlRWRpdGlvbi5pc29aWg==
    #Windows 8.1 x86
    ed2k://|file|cn_windows_8_1_enterprise_x86_dvd_2972257.iso|3050842112|6B60ABF8282F943FE92327463920FB67|/
    #Windows 8.1 x64
    ed2k://|file|cn_windows_8_1_x64_dvd_2707237.iso|4076017664|839CBE17F3CE8411E8206B92658A91FA|/
    #Windows 10 1709 x64
    ed2k://|file|cn_windows_10_multi-edition_vl_version_1709_updated_dec_2017_x64_dvd_100406208.iso|5007116288|317BDC520FA2DD6005CBA8293EA06DF6|/
    #Windows 10 2004 x64 (2020-05-21 release version)
    magnet:?xt=urn:btih:8E49569FDE852E4F3CCB3D13EFB296B6B02D82A6
    #Windows 10 1909 x64 
    ed2k://|file|cn_windows_10_business_editions_version_1909_x64_dvd_0ca83907.iso|5275090944|9BCD5FA6C8009E4D0260E4B23008BD47|/
    
  • Linux compilation environment

    sudo vim /etc/apt/sources.list
    #在sources.list末尾添加deb http://us.archive.ubuntu.com/ubuntu trusty main universe
    sudo apt-get update
    sudo apt-get install mingw32 mingw32-binutils mingw32-runtime
    sudo apt-get install gcc-mingw-w64-i686 g++-mingw-w64-i686 mingw-w64-tools
    
  • Windows compilation environment

    VS2019(内置V142、V141、V120、V110、V100、V141_xp、V120_xp、V110_xp、MFC)
    

About the error

Due to the large content of the project, it is inevitable that there will be some typos or missing CVE numbers. If you find an error, you still hope to submit Issues to help me maintain the project.

No test success number

The following numbers are all CVEs that failed to pass the recurrence test after screening, with reasons for failure, and welcome to submit PR

SecurityBulletin Remarks
CVE-2021-1709 January 2021 patch, routine update
CVE-2020-17087 Patch in November 2020, only proof of concept, no exploit code
CVE-2015-0002 Source code failed to test
CVE-2015-0062 Source code and EXP failed to test successfully
CVE-2015-1725 Unknown compilation method with source code
CVE-2016-3309 Source code and EXP failed to test successfully
CVE-2014-6321 Only winshock_test.sh file
CVE-2019-0859 Need to install windows7 sp1 x64 Need to update the March 2019 patch
CVE-2018-8440 unknown
CVE-2018-1038 Unknown compilation method with source code
CVE-2013-5065 Lack of NDProxy environment
CVE-2013-0008 unknown
CVE-2009-0079 Failed to use
CVE-2011-0045 Could not find available EXP
CVE-2010-2554 Could not find available EXP
CVE-2005-1983 Source code and EXP failed to test successfully
CVE-2012-0002 Blue screen vulnerabilities have no practical value
CVE-2010-0020 Could not find available EXP
CVE-2014-6324 unknown
CVE-2018-0743 Could not find available EXP

Disclaimer

This project is only oriented to legally authorized corporate safety construction behaviors. When using this project for testing, you should ensure that the behavior complies with local laws and regulations and has obtained sufficient authorization.

If you have any illegal behavior in the process of using this project, you need to bear the corresponding consequences yourself, and we will not bear any legal and joint liabilities.

Before using this project, please read carefully and fully understand the content of each clause. Restrictions, exemption clauses or other clauses involving your major rights and interests may be bolded, underlined, etc. to remind you to pay attention. Unless you have fully read, fully understood and accepted all the terms of this agreement, please do not use this item. Your use behavior or your acceptance of this agreement in any other express or implied manner shall be deemed to have been read and agreed to be bound by this agreement.

Reference project & website

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].