Skip to content

kkent030315/anyelevate

BranchesTags

Repository files navigation

CI falling because of version mismatch of static library, dont care

anyelevate

x64 Windows privilege elevation using anycall

Usage

anyelevate.exe [process id]
  • [process id] process id to elevate privilege

How

Simply create copy of nt!_EPROCESS.Token in any desired target process.

kernel::memcpy(
    ( void* )( ( uint64_t )process + RVA_PEPROCESS_TOKEN ),
    &system_process_token,
    sizeof( EX_FAST_REF ) );

Then you are NT AUTHORITY\SYSTEM.
Imagine this is all done by one thing - the physical memory mapping.

License

MIT copyright Kento Oki <hrn832@protonmail.com>

color-console copyright 2018 Lei Fu

About

x64 Windows privilege elevation using anycall

Topics

windows kernel exploit windows-10 privilege-escalation code-execution privilege-elevation privilege-escalation-exploits

Resources

Readme

License

MIT license
Activity

Stars

20 stars

Watchers

3 watching

Forks

11 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages