Related vulnerability
Title: Windows Kernel Information Disclosure Vulnerability (CVE-2021-31955). Description: Microsoft Windows is a desktop operating system from the US company Microsoft. A security vulnerability exists in the Windows Kernel. The following products and versions are affected: Windows 10 Version 1809 for 32-bit Systems, Windows 10 Version 1809 for x64-based Systems, Windows 10 Version 1809 for ARM64-based Systems, Windows Server 2019, Windows Server 2019
Description
A combined POC for CVE-2021-31955, CVE-2015-4077, and CVE-2015-5736
Introduction
# forti_shield
A combined POC for CVE-2021-31955, CVE-2015-4077, and CVE-2015-5736
This is one of the possible solutions for an extra mile in the 2022 version of the EXP-401 course. That extra mile was removed in the 2025 version of the course, and this solution will not work for the current extra mile without changing the offsets. All offsets in this PoC are hardcoded; it is not version independent. It works on Windows 10 20H2.
The CVE-2021-31955 PoC from freeide was modified to leak the EPROCESS of the exploit's own process: https://github.com/freeide/CVE-2021-31955-POC
Morten and Sickness's PoC for CVE-2015-4077 and CVE-2015-5736 was then modified to work on 20H2: https://www.exploit-db.com/exploits/45149
![image](https://github.com/user-attachments/assets/00428b86-43d6-4466-9b81-cf4737b540b9)
File snapshot
[4.0K] /data/pocs/c945a8a52b1fb18918489ad21ff7ac6484d18dcc
├── [ 20K] forti_exploit.cpp
├── [1.1K] LICENSE
├── [475K] ntdll_x64.lib
├── [173K] ntos.h
├── [ 840] README.md
├── [ 301] stdafx.cpp
├── [ 320] stdafx.h
├── [ 314] targetver.h
└── [ 746] token_stealing.asm
1 directory, 9 files
Notes
1. Accessing the code via the original source is recommended.
2. If the source is no longer available or cannot be accessed, send an e-mail to f.jinxu#gmail.com to request the local snapshot (replace # with @).
3. 神龙 has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for or donating to the local POC. Thank you for your support.