GithubHelp home page GithubHelp logo

gmh5225 / windows-kernel-exploits Goto Github PK

View Code? Open in Web Editor NEW

This project forked from xct/windows-kernel-exploits

0.0 1.0 0.0 138 KB

Some of my windows kernel exploits for learning purposes

C++ 96.16% C 0.77% Assembly 3.07%

windows-kernel-exploits's Introduction

Windows-Exploits

Some kernel exploits I used to learn about the topic, mainly for OSEE. These probably contain code snippets from other exploits - if I missed references/authors please send me a message and I'll add them.

Kernel

HEVD

Most exploits are vs. Win10 1909 x64 targetting https://github.com/hacksysteam/HackSysExtremeVulnerableDriver .

  • StackOverflow (Medium Integrity)
  • StackOverflow Data Only (ROP/PreviousMode Overwrite, Medium Intregity)
  • StackOverflow with GS (Medium Integrity)
  • TypeConfusion (Medium Integrity)
  • TypeConfusion with StackPivot (Medium Integrity)
  • User-After-Free (Medium Integrity)
  • Pool Overflow Win7 x64 w ProcessBilled Overwrite (Medium Integrity)
  • NullPtr Dereference Win7 x64 (Medium Integrity)

Misc Drivers

All exploits are vs. Win10 1909 x64.

  • CVE-2018-19320 (Gigabyte Driver, Medium Integrity)
  • CVE-2018-19320 + CVE-2018-19323 (Gigabyte Driver, Low Integrity)

Notes/Misc

  • KUSER_SHARED_DATA, at offset 0x800 (0xFFFFF78000000800) in ntoskrnl.exe contains a writable code cave
  • Ways to SYSTEM: Steal Token, Overwrite HAL Dispatch (or another ptr with a ptr to sc), ACL Editing
  • Ways to get Page RW/RX: Flip bit like with U/S, WriteProcessMemory, VirtualProtect
  • Bypass SMEP: Rop to 20th bit of CR4, Flip U/S, Write Code to Kernel Mem (using U/S trick to fix memory protections)
  • KCFG is only enforced when Hyper-V is enabled (it would prevent ptr overwrites to sc)
  • Dangerous functions to look for in drivers: MmMapIoSpace, __readmsr/__writemsr,memmove
  • Compile Shellcode: nasm shellcode.asm -o shellcode.bin -f bin, radare2 -b 32 -c 'pc' ./shellcode.bin

Resources

windows-kernel-exploits's People

Contributors

xct avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.