CVE-2018-8120 PoC — Microsoft Windows 权限许可和访问控制问题漏洞

Source

https://github.com/qiantu88/CVE-2018-8120

Associated Vulnerability

Title:Microsoft Windows 权限许可和访问控制问题漏洞 (CVE-2018-8120)
Description:Microsoft Windows 7 SP1、Windows Server 2008 SP2和Windows Server 2008 R2 SP1都是美国微软（Microsoft）公司的产品。Microsoft Windows 7 SP1是一套供个人电脑使用的操作系统；Windows Server 2008 SP2是一套服务器操作系统。R2 SP1是它的升级版。 Microsoft Windows中存在提权漏洞，该漏洞源于Win32k组件没有正确的处理内存中的对象。攻击者可利用该漏洞在内核模式下以提升的

Readme

# CVE-2018-8120
CVE-2018-8120 Windows LPE exploit

测试支持: Win7 x32, Win7 x64, Win2008 x32, Win2008 R2 x32, Win2008 R2 Datacenter x64, Win2008 Enterprise x64
         WinXP x32, Win2003 x32,Win2003 x64

原exp不支持xp，2003，当前代码在原基础上增加了对这两个系统的支持。

## Usage
```shell
CVE-2018-8120 exploit by @Topsec_Alpha_lab(https://github.com/alpha1ab)
Usage: exp.exe command
Example: exp.exe "net user admin admin /add"
```
## Caution
* 编译32位版本的exp,请从工程中排除shellcode.asm文件.

## Reference
* https://github.com/unamer/CVE-2018-8120

File Snapshot


 [4.0K]  /data/pocs/5cf92e06df3a2f7a8b7acdbac007ad547bf05eeb
├── [4.0K]  CVE-2018-8120
│   ├── [4.0K]  CVE-2018-8120
│   │   ├── [7.2K]  CVE-2018-8120.vcxproj
│   │   ├── [ 958]  CVE-2018-8120.vcxproj.filters
│   │   ├── [2.2K]  shellcode.asm
│   │   └── [ 16K]  Source.cpp
│   ├── [1.3K]  CVE-2018-8120.sln
│   ├── [4.0K]  Release
│   │   └── [ 80K]  CVE-2018-8120.exe
│   └── [4.0K]  x64
│       └── [4.0K]  Release
│           └── [ 93K]  CVE-2018-8120.exe
└── [ 601]  README.md

5 directories, 8 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!