Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-26229 PoC — Microsoft Windows Kernel 安全漏洞

Source
https://github.com/Cracked5pider/eop24-26229
Associated Vulnerability
Title:Microsoft Windows Kernel 安全漏洞 (CVE-2024-26229)
Description:Microsoft Windows Kernel是美国微软(Microsoft)公司的Windows操作系统的内核。 Microsoft Windows Kernel存在安全漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1809 for ARM64-based Systems,W
Description
A firebeam plugin that exploits the CVE-2024-26229 vulnerability to perform elevation of privilege from a  privileged user
Readme
# Firebeam CVE-2024-26229 plugin

A small firebeam (kaine's risc-v vm) to exploit the CVE-2024-26229 vulnerability that utilizes a vulnerable IOCTL in csc.sys for kernel memory R/W access to corrupt the KTHREAD->PreviousMode and then to leveraging DKOM to achieve LPE by copying over the token from the system process over to the current process token.

![preview](https://raw.githubusercontent.com/Cracked5pider/eop24-26229/main/assets/image.png)

### credits
- https://nvd.nist.gov/vuln/detail/CVE-2024-26229
- https://github.com/varwara/CVE-2024-26229
File Snapshot

 [4.0K]  /data/pocs/e85680c00be9b0a0c524e2d5dc25126e6a4fee3d
├── [4.0K]  assets
│   └── [958K]  image.png
├── [4.0K]  bin
│   ├── [4.6K]  eop24-26229.x64.bin
│   └── [4.0K]  obj
├── [ 420]  CMakeLists.txt
├── [4.0K]  include
│   ├── [5.0K]  common.h
│   ├── [ 14K]  firebeam.h
│   └── [ 12K]  sal.h
├── [1.4K]  makefile
├── [ 492]  plugin.json
├── [1.4K]  plugin.py
├── [ 554]  README.md
├── [4.0K]  scripts
│   ├── [4.3K]  relocs.py
│   └── [ 572]  sections.ld
└── [4.0K]  src
    └── [8.1K]  main.cc

6 directories, 13 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.