CVE-2023-28293 PoC — Microsoft Windows Kernel 安全漏洞

Source

Associated Vulnerability

Description

Exploit for CVE-2023-28293 

Readme

CVE-2023-28293 – Vulnerable Driver Exploit (Local Privilege Escalation)

This PoC exploits a vulnerability in a kernel-mode driver to achieve local privilege escalation via a crafted IOCTL call.

About the vulnerability:
CVE-2023-28293 is a vulnerability in a signed driver that allows user-mode applications to send specially crafted IOCTL requests to perform arbitrary kernel memory operations. This can be abused to escalate privileges or execute code in kernel context.

Requirements
-    Windows (x64) system
-    Administrator privileges (required to load kernel drivers)
-    Test-signing enabled or patched signature checks (if the driver is unsigned)
-    Vulnerable driver binary (.sys)

Structure
-    core.h – Common definitions (driver path, device name, IOCTL code, buffer size, logging macros)
-    main.c – Loads the driver, sends crafted IOCTL, unloads the driver

Usage
-    Compile the project using Visual Studio or MinGW
-    cl main.c /link advapi32.lib
-    Run as administrator. If successful, the crafted IOCTL will interact with the vulnerable driver. The output is printed to the console.

References
-    Microsoft Security Advisory

File Snapshot

 [4.0K]  /data/pocs/e2b6d46d225fd90b8df38dae2949de67049aaf67
├── [2.1K]  core.cpp
├── [ 715]  core.h
├── [1.1K]  main.cpp
└── [1.1K]  README.md

0 directories, 4 files

Remarks