专栏名称: 安全祖师爷

国内领先的互联网安全媒体，WEB安全爱好者们交流与分享安全技术的最佳平台！这里聚集了XSS牛、SQL牛、提权牛、WEB牛、开发牛、运维牛，公众号定期分享安全教程及相关工具。与其在别处仰望不如在这里并肩！

近20年Windows权限提升集合

安全祖师爷 · 公众号 · · 2020-10-09 17:08

正文

来源：https://github.com/Ascotbe/Kernelhub

来源：https://www.ascotbe.com/2020/08/10/KernelHub/#%E5%88%A9%E7%94%A8%E6%96%B9%E5%BC%8F-4

前言

该项目是一个Windows提权搜集项目，除未通过测试EXP都有详细说明以及演示GIF图，如果项目中的代码有您的代码，本人为标注来源的请提交Issues

未测试成功编号

下列编号都是在筛选后未能通过复现测试的CVE，附带未成功原因，欢迎提交PR

SecurityBulletin	Remarks
CVE-2015-0002	有源码未能测试成功
CVE-2015-0062	有源码和EXP未能测试成功
CVE-2015-1725	有源码未知编译方式
CVE-2016-3309	有源码和EXP未能测试成功
CVE-2014-6321	只有winshock_test.sh文件
CVE-2019-0859	需要安装windows7 sp1 x64 需要更新2019年3月份的补丁
CVE-2018-8440
CVE-2018-1038	有源码未知编译方式
CVE-2013-5065	缺少NDProxy环境
CVE-2013-0008
CVE-2009-0079	未能利用
CVE-2011-0045	未能找到可用EXP
CVE-2010-2554	未能找到可用EXP
CVE-2005-1983	有源码和EXP未能测试成功
CVE-2012-0002	蓝屏漏洞无实际利用价值
CVE-2010-0020	未能找到可用EXP
CVE-2014-6324
CVE-2018-0743	未能找到利用POC

编号列表

SecurityBulletin	Description	OperatingSystem
CVE-2020-1472	Netlogon Elevation of Privilege	Windows 2008/2012/2016/2019/1903/1909/2004
CVE-2020-0796	SMBv3 Remote Code Execution	Windows 1903/1909
CVE-2020-0787	Windows Background Intelligent Transfer Service	Windows 7/8/10/2008/2012/2016/2019
CVE-2019-1458	Win32k Elevation of Privilege	Windows 7/8/10/2008/2012/2016
CVE-2019-1388	Windows Certificate Dialog Elevation of Privilege	Windows 7/8/2008/2012/2016/2019
CVE-2019-0859	Win32k Elevation of Privilege	Windows 7/8/10/2008/2012/2016/2019
CVE-2019-0803	Win32k Elevation of Privilege	Windows 7/8/10/2008/2012/2016/2019
CVE-2018-8639	Win32k Elevation of Privilege	Windows 7/8/10/2008/2012/2016/2019
CVE-2018-8453	Win32k Elevation of Privilege	Windows 7/8/10/2008/2012/2016/2019
CVE-2018-8440	Windows ALPC Elevation of Privilege	Windows 7/8/10/2008/2012/2016
CVE-2018-8120	Win32k Elevation of Privilege	Windows 7/2008
CVE-2018-1038	Windows Kernel Elevation of Privilege	Windows 7/2008
CVE-2018-0743	Windows Subsystem for Linux Elevation of Privilege	Windows 10/2016
CVE-2018-0833	SMBv3 Null Pointer Dereference Denial of Service	Windows 8/2012
CVE-2017-8464	LNK Remote Code Execution	Windows 7/8/10/2008/2012/2016
CVE-2017-0213	Windows COM Elevation of Privilege	Windows 7/8/10/2008/2012/2016
CVE-2017-0143	Windows Kernel Mode Drivers	Windows 7/8/10/2008/2012/2016/Vista
CVE-2017-0101	GDI Palette Objects Local Privilege Escalation	Windows 7/8/10/2008/2012/Vista
CVE-2016-7255	Windows Kernel Mode Drivers	Windows 7/8/10/2008/2012/2016/Vista
CVE-2016-3371	Windows Kernel Elevation of Privilege	Windows 7/8/10/2008/2012/Vista
CVE-2016-3309	Win32k Elevation of Privilege	Windows 7/8/10/2008/2012/Vista
CVE-2016-3225	Windows SMB Server Elevation of Privilege	Windows 7/8/10/2008/2012/Vista
CVE-2016-0099	Secondary Logon Handle	Windows 7/8/10/2008/2012/Vista
CVE-2016-0095	Win32k Elevation of Privilege	Windows 7/8/10/2008/2012/Vista
CVE-2016-0051	WebDAV Elevation of Privilege	Windows 7/8/10/2008/2012/Vista
CVE-2016-0041	Win32k Memory Corruption Elevation of Privilege	Windows 7/8/10/2008/2012/Vista
CVE-2015-2546	Win32k Memory Corruption Elevation of Privilege	Windows 7/8/10/2008/2012/Vista
CVE-2015-2387	ATMFD.DLL Memory Corruption	Windows 7/8/2003/2008/2012/Vista/Rt
CVE-2015-2370	Windows RPC Elevation of Privilege	Windows 7/8/10/2003/2008/2012/Vista
CVE-2015-1725	Win32k Elevation of Privilege	Windows 7/8/10/2003/2008/2012/Vista
CVE-2015-1701	Windows Kernel Mode Drivers	Windows 7/2003/2008/Vista
CVE-2015-0062	Windows Create Process Elevation of Privilege	Windows 7/8/2008/2012
CVE-2015-0057	Win32k Elevation of Privilege	Windows 7/8/2003/2008/2012/Vista
CVE-2015-0003	Win32k Elevation of Privilege	Windows 7/8/2003/2008/2012/Vista
CVE-2015-0002	Microsoft Application Compatibility Infrastructure Elevation of Privilege	Windows 7/8/2003/2008/2012
CVE-2014-6324	Kerberos Checksum Vulnerability	Windows 7/8/2003/2008/2012/Vista
CVE-2014-6321	Microsoft Schannel Remote Code Execution	Windows 7/8/2003/2008/2012/Vista
CVE-2014-4113	Win32k.sys Elevation of Privilege	Windows 7/8/2003/2008/2012/Vista
CVE-2014-4076	TCP/IP Elevation of Privilege	Windows 2003
CVE-2014-1767	Ancillary Function Driver Elevation of Privilege	Windows 7/8/2003/2008/2012/Vista
CVE-2013-5065	NDProxy.sys	Windows XP/2003
CVE-2013-1345	Kernel Driver	Windows 7/8/2003/2008/2012/Vista/Rt/Xp
CVE-2013-1332	DirectX Graphics Kernel Subsystem Double Fetch	Windows 7/8/2003/2008/2012/Vista/Rt
CVE-2013-0008	Win32k Improper Message Handling	Windows 7/8/2008/2012/Vista/Rt
CVE-2012-0217	Service Bus	Windows 7/2003/2008/Xp
CVE-2012-0002	Remote Desktop Protocol	Windows 7/2003/2008/Vista/Xp
CVE-2011-2005	Ancillary Function Driver Elevation of Privilege	Windows 2003/Xp
CVE-2011-1974	NDISTAPI Elevation of Privilege	Windows 2003/Xp
CVE-2011-1249	Ancillary Function Driver Elevation of Privilege	Windows 7/2003/2008/Vista/Xp
CVE-2011-0045	Windows Kernel Integer Truncation	Windows Xp
CVE-2010-4398	Driver Improper Interaction with Windows Kernel	Windows 7/2003/2008/Vista/Xp
CVE-2010-3338	Task Scheduler	Windows 7/2008/Vista
CVE-2010-2554	Tracing Registry Key ACL	Windows 7/2008/Vista
CVE-2010-1897	Win32k Window Creation	Windows 7/2003/2008/Vista/Xp
CVE-2010-0270	SMB Client Transaction	Windows 7/2008
CVE-2010-0233	Windows Kernel Double Free	Windows 2000/2003/2008/Vista/Xp
CVE-2010-0020	SMB Pathname Overflow	Windows 7/2000/2003/2008/Vista/Xp
CVE-2009-2532	SMBv2 Command Value	Windows 2008/Vista
CVE-2009-0079	Windows RPCSS Service Isolation	Windows 2003/Xp
CVE-2008-4250	Server Service	Windows 2000/2003/Vista/Xp
CVE-2008-4037	SMB Credential Reflection	Windows 2000/2003/2008/Vista/Xp
CVE-2008-3464	AFD Kernel Overwrite	Windows 2003/Xp
CVE-2008-1084	Win32.sys	Windows 2000/2003/2008/Vista/Xp
CVE-2006-3439	Remote Code Execution	Windows 2000/2003/Xp
CVE-2005-1983	PnP Service	Windows 2000/Xp
CVE-2003-0352	Buffer Overrun In RPC Interface	Windows 2000/2003/Xp/Nt

所需环境

测试目标系统

近20年Windows权限提升集合

正文

编号列表

所需环境

请到「今天看啥」查看全文