Fortinet FortiClient 5.2.3 (Windows 10 x64 Creators) - Local Privilege Escalation Exploit

Exploit for windows platform in category local exploits include "stdafx.h" include include include include pragma comment lib,"psapi" PULONGLONG leakbuffer = PULONGLONGVirtualAllocLPVOID0x000000001a000000, 0x2000, MEMRESERVE | MEMCOMMIT, PAGEREADWRITE; ULONGLONG leakQWORDULONGLONG addr, HANDLE...

Microsoft Window Manager (Windows 7 x86) - Menu Management Component UAF Privilege Elevation Exploit

Exploit for windows platform in category local exploits include include include include pragma commentlib, "psapi.lib" define POCDEBUG 0 if POCDEBUG == 1 define POCDEBUGBREAK getchar elif POCDEBUG == 2 define POCDEBUGBREAK DebugBreak else define POCDEBUGBREAK endif static PVOIDfastcall...

Microsoft Windows Manager (7 x86) - Menu Management Component UAF Privilege Elevation

include include include include pragma commentlib, "psapi.lib" define POCDEBUG 0 if POCDEBUG == 1 define POCDEBUGBREAK getchar elif POCDEBUG == 2 define POCDEBUGBREAK DebugBreak else define POCDEBUGBREAK endif static PVOIDfastcall pfnHMValidateHandleHANDLE, BYTE = NULL; static constexpr UINT...

Microsoft Windows Kernel (7 x86) - Local Privilege Escalation (MS17-017)

include include include include pragma commentlib, "psapi.lib" define POCDEBUG 0 if POCDEBUG == 1 define POCDEBUGBREAK getchar elif POCDEBUG == 2 define POCDEBUGBREAK DebugBreak else define POCDEBUGBREAK endif CONST LONG maxTimes = 2000; CONST LONG tmpTimes = 3000; static HBITMAP hbitmapmaxTimes ...

Forticlient 5.2.3 Windows 10 x64 (Post Anniversary) - Privilege Escalation Exploit

Exploit for windows platform in category local exploits / Check these out: - https://www.coresecurity.com/system/files/publications/2016/05/Windows%20SMEP%20bypass%20U%3DS.pdf - https://labs.mwrinfosecurity.com/blog/a-tale-of-bitmaps/ Tested on: - Windows 10 Pro x64 Post-Anniversary - hal.dll:...

MS11-080 AfdJoinLeaf Privilege Escalation

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require 'msf/core/post/common' require...

MS11-080 Afd.sys Privilege Escalation Exploit( CVE-2011-2005)

No description provided by source. MS11-080 - CVE-2011-2005 Afd.sys Privilege Escalation Exploit Author: [email protected] - Matteo Memelli Spaghetti & Pwnsauce yuck! 0xbaadf00d Elwood@mac&cheese.com Thx to dookielifesaver2000ca, dijital1 and ronin for helping out! To my Master Shifu muts: "So...

Kingsoft AntiVirus 2010.04.26.648 - Kernel Buffer Overflow

!/usr/bin/python Title: Kingsoft Antivirus Kernel Buffer Overflow Exploit Author: Lufeng Li of Neusoft Corporation Vendor: www.duba.net Platform: Windows XPSP3 Chinese Simplified Tested: Kingsoft Antivirus v2010.04.26.648 Vulnerable: Kingsoft Antivirus =v2010.04.26.648 Vulnerable App:...

QQ Computer Manager - TSKsp.sys Local Denial of Service

QQ Computer Manager - TSKsp.sys Local Denial of Service !/usr/bin/python Title: QQ Computer Manager TSKsp.sys Local Denial of Service Exploit Author: Lufeng Li of Neusoft Corporation Vendor: http://pcmgr.qq.com Vulnerable App: http://dldir2.qq.com/invc/qqmaster/setup/QQPCMgrSetup.exe Platform:...

avast! 4.7 aavmker4.sys privilege escalation

No description provided by source. !/usr/bin/python avast! 4.7 aavmker4.sys privilege escalation http://www.trapkit.de/advisories/TKADV2008-002.txt CVE-2008-1625 Tested on WindXpSp2/Sp3 Dep ON Matteo Memelli ryujin A-T offensive-security.com www.offensive-security.com Spaghetti & Pwnsauce -...

Avast! 4.7 - aavmker4.sys Local Privilege Escalation

Avast! 4.7 - aavmker4.sys Local Privilege Escalation !/usr/bin/python avast! 4.7 aavmker4.sys privilege escalation http://www.trapkit.de/advisories/TKADV2008-002.txt CVE-2008-1625 Tested on WindXpSp2/Sp3 Dep ON Matteo Memelli ryujin A-T offensive-security.com www.offensive-security.com Spaghetti ...

Avast! 4.7 aavmker4.sys privilege escalation

Exploit for windows platform in category local exploits ============================================ Avast! 4.7 aavmker4.sys privilege escalation ============================================ !/usr/bin/python avast! 4.7 aavmker4.sys privilege escalation...

Norman Virus Control - nvcoaft51.sys ioctl BF672028

Norman Virus Control - nvcoaft51.sys ioctl BF672028 / Norman Virus Control nvcoaft51.sys ioctl BF672028 exploit Abstract nvcoaft51.sys driver receive as parameter in some ioctl's a pointer to a KEVENT struct, calling KeSetEvent without any prior check. The device created by the driver NvcOa can b...