Related vulnerability
Title: Microsoft Win32k buffer error vulnerability (CVE-2021-1732)
Description: Microsoft Win32k is a system file of the US company Microsoft used for multi-user management in Windows. A buffer error vulnerability exists in Microsoft Win32k. The following products and versions are affected: Windows 10 Version 1803 for 32-bit Systems, Windows 10 Version 1803 for x64-based Systems, Windows 10 Version 1803 for ARM64-based Systems, Windows 10 Version 1
Introduction
<h1 style="font-size:10vw" align="center">Windows Privilege Escalation</h1>
<h2 style="font-size:7vw" align="center"><i> Exploit for CVE-2021-1732 (Win32k) - Local Privilege Escalation</i></h2>
*For educational and authorized security research purposes only*
## Original Exploit Authors
[@Exploit Blizzard](https://github.com/exploitblizzard)
## Vulnerability Description
A vulnerability exists within win32k that can be leveraged by an attacker to escalate privileges to those of NT AUTHORITY\SYSTEM. The flaw exists in how the WndExtra field of a window can be manipulated into being treated as an offset despite being populated by an attacker-controlled value. This can be leveraged to achieve an out-of-bounds write, eventually leading to privilege escalation. This flaw was originally identified as CVE-2021-1732 and was patched by Microsoft on February 9th, 2021. In early 2022.
## Usage
```bash
CVE-2021-1732.exe "the-command"
```
## Options
```bash
"the-command" Any command supported by the command-line interface (CLI), such as "whoami"
```
## Download Via Original Source
[Download Exploit Script for CVE-2021-3560 Here](https://raw.githubusercontent.com/UNICORDev/exploit-CVE-2021-3560/main/exploit-CVE-2021-3560.py)
## Exploit Requirements
- Command Prompt
- Process Hacker
## Demo

## Tested On
- Windows 10 Version 2004
## Affected Windows Versions
- Windows Server, version 20H2 (Server Core Installation)
- Windows 10 Version 20H2
- Windows Server, version 2004 (Server Core installation)
- Windows 10 Version 2004
- Windows Server, version 1909 (Server Core installation)
- Windows 10 Version 1909
- Windows Server 2019 (Server Core installation)
- Windows Server 2019
- Windows 10 Version 1809
***
## Warning
⚠️ Be careful when running this exploit on your system.
## Credits
- https://nvd.nist.gov/vuln/detail/cve-2021-1732
- https://bbs.kanxue.com/thread-266362.html
- https://github.com/exploitblizzard/Windows-Privilege-Escalation-CVE-2021-1732
- https://packetstormsecurity.com/files/166169/Win32k-ConsoleControl-Offset-Confusion-Privilege-Escalation.html
File snapshot
```text
[4.0K] /data/pocs/188786fb197616ce4331bcea723c07caaf11fafb
├── [4.0K] CVE-2021-1732
│ ├── [ 14K] CVE-2021-1732.cpp
│ ├── [7.5K] CVE-2021-1732.vcxproj
│ ├── [1.2K] CVE-2021-1732.vcxproj.filters
│ ├── [ 168] CVE-2021-1732.vcxproj.user
│ ├── [1.3K] Util.cpp
│ ├── [1.1K] Util.h
│ └── [4.0K] x64
│ └── [4.0K] Debug
│ ├── [ 314] CVE-2021-1732.exe.recipe
│ ├── [2.8K] CVE-2021-1732.log
│ ├── [ 82K] CVE-2021-1732.obj
│ ├── [ 26K] Util.obj
│ ├── [531K] vc142.idb
│ └── [380K] vc142.pdb
├── [4.0K] HookLib
│ ├── [4.0K] Include
│ │ └── [3.3K] HookLib.h
│ └── [4.0K] Lib
│ ├── [ 55K] HookLib.lib
│ └── [1.2M] Zydis.lib
├── [2.2K] README.md
├── [4.0K] screenshots
│ └── [2.0M] cve-gif.gif
└── [4.0K] x64
└── [4.0K] Debug
├── [1.6M] CVE-2021-1732.exe
├── [3.3M] CVE-2021-1732.ilk
└── [6.4M] CVE-2021-1732.pdb
9 directories, 20 files
```
Notes
1. It is recommended to access the original source first.
2. If the source is no longer available or cannot be accessed, send an email to f.jinxu#gmail.com to request the local snapshot (replace # with @).
3. 神龙 has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.