Windows privilege-escalation exploits
| Description | Exploit (EXP) | Affected versions | Notes |
|---|---|---|---|
| Multi-OS kernel privilege-escalation collection | https://github.com/Ascotbe/Kernelhub | \ | \ |
| Windows kernel exploit collection | https://github.com/SecWiki/windows-kernel-exploits | \ | \ |
| ==== | Token-privilege class (every "potato" variant needs SeImpersonatePrivilege or SeAssignPrimaryTokenPrivilege in the current token; service accounts such as IIS AppPool or MSSQL normally hold it, ordinary users do not) | ==== | ==== |
| Rotten Potato 1 (JuicyPotato) | https://github.com/ohpe/juicy-potato | Windows 7 – Windows 10 / Server 2016, up to version 1803 | The most commonly used variant; needs a CLSID that works on the target OS, and no longer works from 1809 / Server 2019 onward |
| Rotten Potato 1.1 (SweetPotato) | https://github.com/uknowsec/SweetPotato | Windows 7 – Windows 10 / Server 2019 | Covers the scenarios where JuicyPotato fails; a modified fork of CCob's SweetPotato, which bundles the JuicyPotato, RoguePotato and PrintSpoofer techniques in one tool |
| Rotten Potato 2 (PrintSpoofer) | https://github.com/itm4n/PrintSpoofer/ | Windows 10 / Server 2016 version 1607 – Windows 10 / Server 2019 | Abuses Print Spooler named-pipe impersonation; the Spooler service must be running |
| Rotten Potato 3 (RoguePotato) | https://github.com/antonioCoco/RoguePotato/ | Windows 10 / Server 2019 version 1809 – present | Needs an attacker-controlled host (or a port redirector) reachable from the target on TCP 135 to act as the OXID resolver |
| Rotten Potato 4 (GodPotato) | https://github.com/BeichenDream/GodPotato | Windows 8 – Windows 11, Windows Server 2012 – Server 2022 | Takes the command to run as an argument, so it works from non-interactive shells |
| Print Spooler 1 (SpoolFool, CVE-2022-21999) | https://github.com/ly4k/SpoolFool | | Local privilege escalation through the Print Spooler; the Spooler service must be running |
| Print Spooler 2 (PrintNightmare, CVE-2021-34527) | https://github.com/nemo-wq/PrintNightmare-CVE-2021-34527 | All Windows versions with an unpatched Print Spooler | Remote (RCE) and local (LPE) forms exist; the Spooler service must be running |
| SharpNightmare | https://github.com/cube0x0/CVE-2021-1675 | | C# implementation of PrintNightmare (CVE-2021-1675 / CVE-2021-34527), both RCE and LPE forms |
| Invoke-Nightmare | https://github.com/calebstewart/CVE-2021-1675 | | Pure PowerShell LPE implementation; by default it creates a new local administrator account |
| ==== | ==== | ==== | ==== |
| CVE-2019-1405 + CVE-2019-1322 (COMahawk) | https://github.com/apt69/COMahawk | Windows 7 – Windows 10, Windows Server 2008 R2 – 2019 | Chains CVE-2019-1405 (UPnP Device Host COM) with CVE-2019-1322 (Update Orchestrator Service) |
| MS16-135 | https://github.com/Ridter/Pentest/tree/master/powershell/MyShell, https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS16-135 | Windows Vista – Windows 10, Windows Server 2008 – 2016 | win32k.sys kernel bug; the EXP as packaged creates an administrator account |
| MS16-032 | https://github.com/Ridter/Pentest/tree/master/powershell/MyShell, https://www.exploit-db.com/exploits/39809 | Windows 7 – 10 / Server 2008 – 2012 R2 (x86/x64) | Secondary Logon service race; the EXP as packaged creates an administrator account (the original Invoke-MS16-032 on exploit-db spawns a SYSTEM cmd.exe instead) |
| MS16-016 | https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS16-016 | Windows Vista / 7 / Server 2008 | Elevates the current shell in place (no reconnect needed) |
| MS14-040 | https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS14-040 | Windows 7 / 8, Server 2003 / 2008 / 2012 | Elevates the current shell in place (afd.sys) |
| MS11-046 | https://github.com/SecWiki/windows-kernel-exploits/blob/master/MS11-046 | Windows XP / 7, Server 2003 / 2008 | Elevates the current shell in place (afd.sys) |
| MS10-059 | https://github.com/SecWiki/windows-kernel-exploits/blob/master/MS10-059 | Windows Vista / 7, Server 2008 | Connects back to a listener: start `nc -lvp <port>` first, run the EXP with `<ip> <port>`, and the SYSTEM shell arrives at the listener |
| ==== | Application class | ==== | ==== |
| MySQL UDF | https://github.com/koparmalbaris/MySQL-UDF-Exploitation | MySQL 4.x – 8.x | Needs MySQL root (or enough privilege to write the DLL into plugin_dir and run CREATE FUNCTION); the UDF executes as the mysqld service account, so it only yields SYSTEM when MySQL runs as SYSTEM. In principle any MySQL build with UDF support is exploitable; secure_file_priv can block writing the DLL into plugin_dir. |
| ==== | Metasploit class | ==== | ==== |
| SMB RCE | exploit/windows/smb/* | Remote exploitation modules against SMB | |
| Local privilege escalation | exploit/windows/local/* | Local privilege-escalation modules, run against an existing session | |
| CVE-2022-21882 | exploit/windows/local/cve_2022_21882_win32k | Windows 10 1809 – 21H2, Windows 11, Windows Server 2019 – 2022 | win32k kernel bug; Windows 7 / Server 2008 R2 are not affected |
| CVE-2019-1405 + CVE-2019-1322 (COMahawk) | exploit/windows/local/comahawk | Windows 7 – Windows 10, Windows Server 2008 R2 – 2019 | |
Note: most Windows privilege-escalation EXPs only work from an interactive desktop session; few succeed from a bare, non-interactive shell (a webshell or service context in session 0), and that includes the .ps1-type EXPs. The usual cause is that the EXP pops a new elevated cmd.exe window, which you never see from session 0. Prefer EXPs that take the command to run as an argument (JuicyPotato, GodPotato, PrintSpoofer) or that connect back to a listener (MS10-059), and check the token privileges and OS build before picking one.
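The following triage script is an added example, not code from the page or from any of the tools listed above. Run it from the low-privilege shell you are trying to elevate: it collects the preconditions the table's potato and Print Spooler rows depend on (SeImpersonate / SeAssignPrimaryToken in the token, the Spooler service state, the OS build, and whether you are in session 0) and lists which tools are plausible. The function name `Get-WinPrivescTriage` is an assumption; the build-number boundaries map the table's version ranges onto Windows build numbers (Windows 8 / Server 2012 = 9200, Windows 10 1607 = 14393, 1803 = 17134, 1809 / Server 2019 = 17763).

```powershell
# Added triage helper (hypothetical name, not from the page or any listed tool).
# Maps the table's preconditions onto what the current process can actually see.
function Get-WinPrivescTriage {
    [CmdletBinding()]
    param()

    # OS build from the registry; DisplayVersion (e.g. 21H2) exists on newer builds,
    # ReleaseId (e.g. 1809) on older ones.
    $cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [int]$cv.CurrentBuild
    $rel   = if ($cv.PSObject.Properties['DisplayVersion']) { $cv.DisplayVersion } else { $cv.ReleaseId }
    $isServer = $cv.InstallationType -like 'Server*'

    # whoami /priv lists every privilege in the token, enabled or not.
    # All potato variants need SeImpersonate (or SeAssignPrimaryToken).
    $privText         = (whoami /priv) -join "`n"
    $hasImpersonate   = $privText -match 'SeImpersonatePrivilege'
    $hasAssignPrimary = $privText -match 'SeAssignPrimaryTokenPrivilege'

    # PrintSpoofer, PrintNightmare and SpoolFool all need the Spooler service running.
    $spooler        = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    $spoolerRunning = ($null -ne $spooler) -and ($spooler.Status -eq 'Running')

    # Session 0 = non-interactive context (service, webshell, scheduled task).
    # EXPs that pop a new cmd window will not give you a usable shell there.
    $sessionId   = (Get-Process -Id $PID).SessionId
    $interactive = $sessionId -ne 0

    $candidates = New-Object System.Collections.Generic.List[string]

    if ($hasImpersonate -or $hasAssignPrimary) {
        # Build boundaries derived from the table's version ranges (assumption: builds
        # 9200 = Win8/2012, 14393 = 1607, 17134 = 1803, 17763 = 1809/2019).
        if ($build -le 17134) {
            $candidates.Add('JuicyPotato / SweetPotato (<= 1803)')
        }
        if ($build -ge 14393 -and $build -le 17763 -and $spoolerRunning) {
            $candidates.Add('PrintSpoofer (1607 - 2019, Spooler running)')
        }
        if ($build -ge 17763) {
            $candidates.Add('RoguePotato (>= 1809, needs a redirector reachable on TCP 135)')
        }
        if ($build -ge 9200) {
            $candidates.Add('GodPotato (Win8/2012 - Win11/2022)')
        }
    }
    if ($spoolerRunning) {
        $candidates.Add('Print Spooler bugs (PrintNightmare / SpoolFool) if unpatched')
    }
    if (-not $interactive -and $candidates.Count -gt 0) {
        $candidates.Add('NOTE: session 0 - use EXPs that take a command argument or connect back')
    }

    [pscustomobject]@{
        Build                = $build
        Release              = $rel
        IsServer             = $isServer
        SeImpersonate        = $hasImpersonate
        SeAssignPrimaryToken = $hasAssignPrimary
        SpoolerRunning       = $spoolerRunning
        SessionId            = $sessionId
        InteractiveSession   = $interactive
        Candidates           = $candidates.ToArray()
    }
}

Get-WinPrivescTriage | Format-List
```

An empty `Candidates` list with `SeImpersonate = False` is the normal result for an ordinary user account: the potato rows of the table do not apply, and the kernel EXPs (the MS1x-xxx rows, CVE-2022-21882) are what remains to check against the build.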