Preface
- The original intention of making the project is for, learning, analyzing, and research the latest kernel vulnerabilities are not needed to see the system and related content.
- This project is a collection of proprietary, except for test failure or unspecified Exp, Demo GIF map
- If there is an omission of the omission of CVE vulnerabilities, please join your issues and bring your use of code.
- Project code is prohibited from testing in a real environment! The reliability of the code is self-verified, and the cause of the fault you have is not responsible.
中文文档 | EnglishDocumentation
Numbered list
SecurityBulletin | Description | OperatingSystem |
---|---|---|
CVE-2021-34486 | Windows Event Tracing Elevation | Windows 10/2019/Server |
CVE-2021-42287 | Windows AD | Windows 2008/2012/2016/2019/2022/Server |
CVE-2021-43224 | Windows Common Log File | Windows 7/8/10/11/2008/2012/2016/2019/2022/Server |
CVE-2021-42278 | Windows AD | Windows 2008/2012/2016/2019/2022/Server |
CVE-2021-40449 | Windows Win32k | Windows 7/8.1/10/11/2008/2012/2016/2019/2022/Server |
CVE-2021-40444 | Windows IE RCE | Windows 7/8.1/10/2008/2012/2016/2019/2022/Server |
CVE-2021-36934 | Windows Elevation | Windows 10 |
CVE-2021-34527 | Windows Print Spooler Remote Code Execution | Windows 7/8/10/2008/2012/2016/2019/2022/Server |
CVE-2021-33739 | Microsoft DWM Core Library Elevation | Windows 10/Server |
CVE-2021-31166 | HTTP Protocol Stack | Windows 10/Server |
CVE-2021-26868 | Windows Graphics Component Elevation | Windows 8.1/10/2012/2016/2019/Server |
CVE-2021-21551 | None | None |
CVE-2021-1732 | Windows Win32k | Windows 10/2019/Server |
CVE-2021-1709 | Windows Win32k | Windows 7/8.1/10/2008/2012/2016/2019/Server |
CVE-2020-17087 | Windows Kernel Local Elevation | Windows 7/8.1/10/2008/2012/2016/2019/Server |
CVE-2020-17057 | Windows Win32k | Windows 10/2016/2019/Server |
CVE-2020-16938 | Windows Kernel Information Disclosure | Windows Server |
CVE-2020-16898 | Windows TCP/IP Remote Code Execution | Windows 10/2019/Server |
CVE-2020-1362 | Windows WalletService Elevation of Privilege | Windows 10/2016/2019/Server |
CVE-2020-1350 | Windows DNS Server | Windows 2008/2012/2016/2019/Server |
CVE-2020-1337 | Windows Print Spooler Elevation | Windows 7/8.1/10/2008/2012/2016/2019/Server |
CVE-2020-1313 | Windows Update Orchestrator Service Elevation | Windows 10/Server |
CVE-2020-1066 | .NET Framework Elevation | Windows 7/2008 |
CVE-2020-1054 | Win32k Elevation | Windows 7/8.1/10/2008/2012/2016/2019/Server |
CVE-2020-1472 | Netlogon Elevation | Windows 2008/2012/2016/2019/Server |
CVE-2020-0668 | Windows Kernel Elevation | Windows 7/8.1/10/2008/2012/2016/2019/Serve |
CVE-2020-1015 | Windows Elevation | Windows 7/8.1/10/2008/2012/2016/2019/Server |
CVE-2020-0814 | Windows Installer Elevation | Windows 7/8.1/10/2008/2012/2016/2019/Server |
CVE-2020-0796 | SMBv3 Remote Code Execution | Windows Server |
CVE-2020-0787 | Windows Background Intelligent Transfer Service | Windows 7/8/10/2008/2012/2016/2019 |
CVE-2020-0624 | Win32k Elevation | Windows 10/Server |
CVE-2019-0808 | Win32k Elevation | Windows 7/2008 |
CVE-2020-0683 | Windows Installer Elevation | Windows 7/8.1/10/2008/2012/2016/2019/Server |
CVE-2019-0623 | Win32k Elevation | Windows 7/8.1/10/2008/2012/2016/Serve |
CVE-2019-1458 | Win32k Elevation | Windows 7/8/10/2008/2012/2016 |
CVE-2019-1422 | Windows Elevation | Windows 7/8.1/10/2008/2012/2016/2019/Server |
CVE-2019-1388 | Windows Certificate Dialog Elevation | Windows 7/8/2008/2012/2016/2019 |
CVE-2019-1322 | Windows Elevation | Windows 10/2019/Server |
CVE-2019-1253 | Windows Elevation | Windows 10/2019/Server |
CVE-2019-1215 | Windows Elevation | Windows 7/8.1/10/2008/2012/2016/2019/Server |
CVE-2019-1040 | Windows NTLM Tampering | Windows 7/8/10/2008/2012/2016/2019/Serve |
CVE-2019-0986 | Windows User Profile Service Elevation | Windows 7/8/10/2008/2012/2016/2019/Serve |
CVE-2019-0863 | Windows Error Reporting Elevation | Windows 7/8/10/2008/2012/2016/2019/Serve |
CVE-2019-0859 | Win32k Elevation | Windows 7/8/10/2008/2012/2016/2019 |
CVE-2019-0803 | Win32k Elevation | Windows 7/8/10/2008/2012/2016/2019 |
CVE-2019-0708 | Remote Desktop Services | Windows 7/2008 |
CVE-2018-8639 | Win32k Elevation | Windows 7/8/10/2008/2012/2016/2019 |
CVE-2018-8453 | Win32k Elevation | Windows 7/8/10/2008/2012/2016/2019 |
CVE-2018-8440 | Windows ALPC Elevation | Windows 7/8/10/2008/2012/2016 |
CVE-2018-8120 | Win32k Elevation | Windows 7/2008 |
CVE-2018-1038 | Windows Kernel Elevation | Windows 7/2008 |
CVE-2018-0833 | SMBv3 Null Pointer Dereference Denial of Service | Windows 8/2012 |
CVE-2018-0886 | CredSSP Remote Code Execution | Windows 7/8/10/2008/2012/2016/2019/Server |
CVE-2018-0824 | COM for Windows Remote Code Execution | Windows 7/8/10/2008/2012/2016/Server |
CVE-2017-11783 | Windows Elevation | Windows 8/10/2012/2016 |
CVE-2017-8465 | Win32k Elevation | Windows 7/8/10/2012/2016 |
CVE-2017-8464 | LNK Remote Code Execution | Windows 7/8/10/2008/2012/2016 |
CVE-2017-0263 | Win32k Elevation | Windows 7/8/10/2008/2012/2016 |
CVE-2017-0213 | Windows COM Elevation | Windows 7/8/10/2008/2012/2016 |
CVE-2017-0143 | Windows Kernel Mode Drivers | Windows 7/8/10/2008/2012/2016/Vista |
CVE-2017-0101 | GDI Palette Objects Local Privilege Escalation | Windows 7/8/10/2008/2012/Vista |
CVE-2017-0100 | Windows HelpPane Elevation | Windows 7/8/10/2008/2012/2016 |
CVE-2017-0005 | Windows GDI Elevation | Windows 7/8/10/2008/2012/2016/Vista/XP |
CVE-2016-7255 | Windows Kernel Mode Drivers | Windows 7/8/10/2008/2012/2016/Vista |
CVE-2016-3371 | Windows Kernel Elevation | Windows 7/8/10/2008/2012/Vista |
CVE-2016-3309 | Win32k Elevation | Windows 7/8/10/2008/2012/Vista |
CVE-2016-3225 | Windows SMB Server Elevation | Windows 7/8/10/2008/2012/Vista |
CVE-2016-0099 | Secondary Logon Handle | Windows 7/8/10/2008/2012/Vista |
CVE-2016-0095 | Win32k Elevation | Windows 7/8/10/2008/2012/Vista |
CVE-2016-0051 | WebDAV Elevation | Windows 7/8/10/2008/2012/Vista |
CVE-2016-0041 | Win32k Memory Corruption Elevation | Windows 7/8/10/2008/2012/Vista |
CVE-2015-2546 | Win32k Memory Corruption Elevation | Windows 7/8/10/2008/2012/Vista |
CVE-2015-2387 | ATMFD.DLL Memory Corruption | Windows 7/8/2003/2008/2012/Vista/Rt |
CVE-2015-2370 | Windows RPC Elevation | Windows 7/8/10/2003/2008/2012/Vista |
CVE-2015-1725 | Win32k Elevation | Windows 7/8/10/2003/2008/2012/Vista |
CVE-2015-1701 | Windows Kernel Mode Drivers | Windows 7/2003/2008/Vista |
CVE-2015-0062 | Windows Create Process Elevation | Windows 7/8/2008/2012 |
CVE-2015-0057 | Win32k Elevation | Windows 7/8/2003/2008/2012/Vista |
CVE-2015-0003 | Win32k Elevation | Windows 7/8/2003/2008/2012/Vista |
CVE-2015-0002 | Microsoft Application Compatibility Infrastructure Elevation | Windows 7/8/2003/2008/2012 |
CVE-2014-6324 | Kerberos Checksum Vulnerability | Windows 7/8/2003/2008/2012/Vista |
CVE-2014-6321 | Microsoft Schannel Remote Code Execution | Windows 7/8/2003/2008/2012/Vista |
CVE-2014-4113 | Win32k.sys Elevation | Windows 7/8/2003/2008/2012/Vista |
CVE-2014-4076 | TCP/IP Elevation | Windows 2003 |
CVE-2014-1767 | Ancillary Function Driver Elevation | Windows 7/8/2003/2008/2012/Vista |
CVE-2013-5065 | NDProxy.sys | Windows XP/2003 |
CVE-2013-1345 | Kernel Driver | Windows 7/8/2003/2008/2012/Vista/Rt/Xp |
CVE-2013-1332 | DirectX Graphics Kernel Subsystem Double Fetch | Windows 7/8/2003/2008/2012/Vista/Rt |
CVE-2013-1300 | Win32k Memory Allocation | Windows 7/8/2003/2008/2012/Vista/Xp |
CVE-2013-0008 | Win32k Improper Message Handling | Windows 7/8/2008/2012/Vista/Rt |
CVE-2012-0217 | Service Bus | Windows 7/2003/2008/Xp |
CVE-2012-0002 | Remote Desktop Protocol | Windows 7/2003/2008/Vista/Xp |
CVE-2011-2005 | Ancillary Function Driver Elevation | Windows 2003/Xp |
CVE-2011-1974 | NDISTAPI Elevation | Windows 2003/Xp |
CVE-2011-1249 | Ancillary Function Driver Elevation | Windows 7/2003/2008/Vista/Xp |
CVE-2011-1237 | Win32k Use After Free | Windows 7/2003/2008/Vista/Xp |
CVE-2011-0045 | Windows Kernel Integer Truncation | Windows Xp |
CVE-2010-4398 | Driver Improper Interaction with Windows Kernel | Windows 7/2003/2008/Vista/Xp |
CVE-2010-3338 | Task Scheduler | Windows 7/2008/Vista |
CVE-2010-2554 | Tracing Registry Key ACL | Windows 7/2008/Vista |
CVE-2010-1897 | Win32k Window Creation | Windows 7/2003/2008/Vista/Xp |
CVE-2010-0270 | SMB Client Transaction | Windows 7/2008 |
CVE-2010-0233 | Windows Kernel Double Free | Windows 2000/2003/2008/Vista/Xp |
CVE-2010-0020 | SMB Pathname Overflow | Windows 7/2000/2003/2008/Vista/Xp |
CVE-2009-2532 | SMBv2 Command Value | Windows 2008/Vista |
CVE-2009-0079 | Windows RPCSS Service Isolation | Windows 2003/Xp |
CVE-2008-4250 | Server Service | Windows 2000/2003/Vista/Xp |
CVE-2008-4037 | SMB Credential Reflection | Windows 2000/2003/2008/Vista/Xp |
CVE-2008-3464 | AFD Kernel Overwrite | Windows 2003/Xp |
CVE-2008-1084 | Win32.sys | Windows 2000/2003/2008/Vista/Xp |
CVE-2006-3439 | Remote Code Execution | Windows 2000/2003/Xp |
CVE-2005-1983 | PnP Service | Windows 2000/Xp |
CVE-2003-0352 | Buffer Overrun In RPC Interface | Windows 2000/2003/Xp/Nt |
CVE-2000-0979 | Share Level Password | Windows 95/98/98se/Me |
-
Test target system
#Windows 7 SP1 X64 ed2k://|file|cn_windows_7_home_premium_with_sp1_x64_dvd_u_676691.iso|3420557312|1A3CF44F3F5E0BE9BBC1A938706A3471|/ #Windows 7 SP1 X86 ed2k://|file|cn_windows_7_home_premium_with_sp1_x86_dvd_u_676770.iso|2653276160|A8E8BD4421174DF34BD14D60750B3CDB|/ #Windows Server 2008 R2 SP1 X64 ed2k://|file|cn_windows_server_2008_r2_standard_enterprise_datacenter_and_web_with_sp1_x64_dvd_617598.iso|3368839168|D282F613A80C2F45FF23B79212A3CF67|/ #Windows Server 2003 R2 SP2 x86 ed2k://|file|cn_win_srv_2003_r2_enterprise_with_sp2_vl_cd1_X13-46432.iso|637917184|284DC0E76945125035B9208B9199E465|/ #Windows Server 2003 R2 SP2 x64 ed2k://|file|cn_win_srv_2003_r2_enterprise_x64_with_sp2_vl_cd1_X13-47314.iso|647686144|107F10D2A7FF12FFF0602FF60602BB37|/ #Windows Server 2008 SP2 x86 ed2k://|file|cn_windows_server_standard_enterprise_and_datacenter_with_sp2_x86_dvd_x15-41045.iso|2190057472|E93B029C442F19024AA9EF8FB02AC90B|/ #Windows Server 2000 SP4 x86 ed2k://|file|ZRMPSEL_CN.iso|402690048|00D1BDA0F057EDB8DA0B29CF5E188788|/ #Windows Server 2003 SP2 x86 thunder://QUFodHRwOi8vcy5zYWZlNS5jb20vV2luZG93c1NlcnZlcjIwMDNTUDJFbnRlcnByaXNlRWRpdGlvbi5pc29aWg== #Windows 8.1 x86 ed2k://|file|cn_windows_8_1_enterprise_x86_dvd_2972257.iso|3050842112|6B60ABF8282F943FE92327463920FB67|/ #Windows 8.1 x64 ed2k://|file|cn_windows_8_1_x64_dvd_2707237.iso|4076017664|839CBE17F3CE8411E8206B92658A91FA|/ #Windows 10 1709 x64 ed2k://|file|cn_windows_10_multi-edition_vl_version_1709_updated_dec_2017_x64_dvd_100406208.iso|5007116288|317BDC520FA2DD6005CBA8293EA06DF6|/ #Windows 10 2004 x64 (2020-05-21 release version) magnet:?xt=urn:btih:8E49569FDE852E4F3CCB3D13EFB296B6B02D82A6 #Windows 10 1909 x64 ed2k://|file|cn_windows_10_business_editions_version_1909_x64_dvd_0ca83907.iso|5275090944|9BCD5FA6C8009E4D0260E4B23008BD47|/ #Windows 10 1607 x64 (Updated Jul 2016) ed2k://|file|cn_windows_10_multiple_editions_version_1607_updated_jul_2016_x64_dvd_9056935.iso|4347183104|35EA5DB0F3BB714F5CE0740FB89D82D1|/ #Windows 10 1903 x64 ed2k://|file|cn_windows_10_business_editions_version_1903_x64_dvd_e001dd2c.iso|4815527936|47D4C57E638DF8BF74C59261E2CE702D|/
-
Linux compilation environment
sudo vim /etc/apt/sources.list #在sources.list末尾添加deb http://us.archive.ubuntu.com/ubuntu trusty main universe sudo apt-get update sudo apt-get install mingw32 mingw32-binutils mingw32-runtime sudo apt-get install gcc-mingw-w64-i686 g++-mingw-w64-i686 mingw-w64-tools
-
Windows compilation environment
#(.NET download address)https://dotnet.microsoft.com/download/visual-studio-sdks?utm_source=getdotnetsdk&utm_medium=referral VS2019(内置V142、V141、V120、V110、V100、V141_xp、V120_xp、V110_xp、MFC、.NET Framework 4.7.2)
Due to the large content of the project, it is inevitable that there will be some typos or missing CVE numbers. If you find an error, you still hope to submit Issues to help me maintain the project.
No test success number
The following numbers are all CVEs that failed to pass the recurrence test after screening, with reasons for failure, and welcome to submit PR
SecurityBulletin | |||
---|---|---|---|
CVE-2000-0979 | CVE-2005-1983 | CVE-2009-0079 | CVE-2010-0020 |
CVE-2011-0045 | CVE-2011-1237 | CVE-2013-0008 | CVE-2013-1300 |
CVE-2014-6321 | CVE-2014-6324 | CVE-2015-0002 | CVE-2015-0062 |
CVE-2016-3309 | CVE-2017-0005 | CVE-2017-0100 | CVE-2017-0263 |
CVE-2017-8465 | CVE-2018-0824 | CVE-2018-0886 | CVE-2018-1038 |
CVE-2019-0708 | CVE-2019-0859 | CVE-2019-0863 | CVE-2019-0986 |
CVE-2019-1215 | CVE-2019-1253 | CVE-2019-1322 | CVE-2019-1422 |
CVE-2020-0814 | CVE-2020-1350 | CVE-2020-1362 | CVE-2020-17057 |
CVE-2021-1709 | CVE-2021-21551 | CVE-2021-31166 | CVE-2021-34527 |
CVE-2021-43883 |
This project is only oriented to legally authorized corporate safety construction behaviors. When using this project for testing, you should ensure that the behavior complies with local laws and regulations and has obtained sufficient authorization.
If you have any illegal behavior in the process of using this project, you need to bear the corresponding consequences yourself, and we will not bear any legal and joint liabilities.
Before using this project, please read carefully and fully understand the content of each clause. Restrictions, exemption clauses or other clauses involving your major rights and interests may be bolded, underlined, etc. to remind you to pay attention. Unless you have fully read, fully understood and accepted all the terms of this agreement, please do not use this item. Your use behavior or your acceptance of this agreement in any other express or implied manner shall be deemed to have been read and agreed to be bound by this agreement.