CVE-2024-26229 PoC — Microsoft Windows Kernel 安全漏洞

Source

https://github.com/shinspace92/cve-2024-26229

Associated Vulnerability

Title:Microsoft Windows Kernel 安全漏洞 (CVE-2024-26229)
Description:Microsoft Windows Kernel是美国微软（Microsoft）公司的Windows操作系统的内核。 Microsoft Windows Kernel存在安全漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响：Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1809 for ARM64-based Systems,W

Description

Nim touch up of CVE 2024 26229

Readme

# cve-2024-26229
A nim version of the (now outdated) Windows LPE vulnerability abusing CSC. 
This is for educational purposes only, and refer to the patch list to determine whether or not your system/your target is vulnerable.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26229 

# Usage
### Compilation
```
# Make sure you have the necessary nim libraries installed
# This will create a main.exe
nim c --app=console --cpu=amd64 --os=windows -d:release --gc:arc --passL:-s main.nim
```

### What Actually Gets Executed
The template uses powershell to execute a base64 encoded script block. Host your payload on a web server (or utilize the file hosting mechanism available on most C2 platforms), base64 encode the download string and simply replace the ###Your base64 delivery here### with the base64 encoded string.

# Indicators of Compromise
### Host-Based Analysis
To be updated

### Network-Based Analysis
To be updated

File Snapshot


 [4.0K]  /data/pocs/db0e351b3bec657e9057f7cd86eacf8cec675dc7
├── [180K]  main.exe
├── [8.3K]  main.nim
└── [ 942]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!