PrivEsc - Kernel vulnerabilities
-------------------------------------------------------------------------------------
# python windows exploit suggester using systeminfo output
python windows-exploit-suggester.py --update
python windows-exploit-suggester.py --database <db name> --systeminfo <filename>
# Metasploit module
post/multi/recon/local_exploit_suggester
-------------------------------------------------------------------------------------
# missing patches
# list all installed patches
wmic qfe get Caption,Description,HotFixID,InstalledOn
# search for specific patches
wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr KB1234567
# Metasploit module to identify missing patches
post/windows/gather/enum_patches
-------------------------------------------------------------------------------------
Windows Vulnerabilities
For exploit sources: https://github.com/SecWiki/windows-kernel-exploits/
For a neater exploit table, see the following page:
https://guif.re/windowseop#EoP%208:%20Kernel%20vulnerabilities
# WINDOWS Exploits
# MS16-135 (Windows Kernel Mode Drivers)
Server 2016
# MS16-032 (Secondary Logon Handle)
Server 2008, 7, 8, 10, Server 2012
# MS16-016 (WebDAV)
Server 2008, Vista, 7
# MS15-051 (Windows Kernel Mode Drivers)
Server 2003, Server 2008, 7, 8, Server 2012
# MS14-058 (Win32k.sys)
Server 2003, Server 2008, 7, 8, Server 2012
# MS14-040 (AFD Driver)
Server 2003, Server 2008, 7, 8, Server 2012
# MS14-002 (Windows Kernel)
XP, Server 2003
# MS13-005 (Kernel Mode Driver)
Server 2003, Server 2008, 7, 8, Server 2012
# MS10-092 (Task Scheduler)
Server 2008, 7
# MS10-015 (KiTrap0D)
Server 2003, Server 2008, 7, XP
# MS14-002 (NDProxy)
Server 2003, XP
# MS15-061 (Kernel Driver)
Server 2003, Server 2008, 7, 8, Server 2012
# MS11-080 (AFD.sys)
Server 2003, XP
# MS11-062 (NDISTAPI)
Server 2003, XP
# MS15-076 (RPC)
Server 2003, Server 2008, 7, 8, Server 2012
# MS16-075 (Hot Potato)
Server 2003, Server 2008, 7, 8, Server 2012
# MS15-010 (Kernel Driver)
Server 2003, Server 2008, 7, XP
# MS11-046 (AFD.sys)
Server 2003, Server 2008, 7, XP
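As an added example, not code from the cheat sheet, a small Python triage script that parses `systeminfo` output and bulletin rows written in the sheet's own `# ID (name)` / versions format, and reports which bulletins list the host's OS version as affected. The `systeminfo` excerpt and its KB numbers are constructed placeholders; a hit only means the version is in the affected list, so the installed KB set the script also extracts still has to be compared against each bulletin's own fix before the host is treated as unpatched.

```python
import re

# Excerpt of the bulletin list in the sheet's own format (constructed; extend with the rows above).
BULLETINS = """\
# MS16-135 (Windows Kernel Mode Drivers)
Server 2016
# MS16-032 (Secondary Logon Handle)
Server 2008, 7,8,10 & Server 2012
# MS15-051 (Windows Kernel Mode Drivers)
Server 2003, Server 2008, 7, 8, Server 2012
# MS10-015 (KiTrap0D)
Server 2003, Server 2008, 7, XP
"""

# Constructed `systeminfo` excerpt; the KB numbers are placeholders, not real patches.
SYSTEMINFO = """\
OS Name:                   Microsoft Windows 7 Professional
Hotfix(s):                 2 Hotfix(s) Installed.
                           [01]: KB1234567
                           [02]: KB7654321
"""

def parse_bulletins(text):
    """Map bulletin ID -> affected-version tokens; hand-typed lists mix ',' and '&'."""
    table, current = {}, None
    for line in text.splitlines():
        m = re.match(r"#\s*(MS\d{2}-\d{3})", line)
        if m:
            current = m.group(1)
        elif current and line.strip():
            table[current] = [t.strip() for t in re.split(r"[,&]", line) if t.strip()]
    return table

def parse_systeminfo(text):
    """Return (OS name, set of installed KB IDs) from systeminfo output."""
    os_name = re.search(r"^OS Name:\s*(.+)$", text, re.M).group(1).strip()
    return os_name, set(re.findall(r"\bKB\d+\b", text))

def version_matches(token, os_name):
    """Bare '7', '8', '10' mean 'Windows 7 / 8(.1) / 10'; other tokens match as words."""
    if token.isdigit():
        return re.search(rf"\bWindows {token}(\.\d)?\b", os_name) is not None
    return re.search(rf"\b{re.escape(token)}\b", os_name) is not None

def applicable_bulletins(systeminfo_text, bulletin_text=BULLETINS):
    """Sorted bulletin IDs whose affected-version list covers the host's OS name."""
    os_name, _installed = parse_systeminfo(systeminfo_text)
    table = parse_bulletins(bulletin_text)
    return sorted(b for b, vers in table.items()
                  if any(version_matches(v, os_name) for v in vers))
```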