Microsoft Windows TOCTOU Local Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Kernel Time of Check Time of Use LPE in AuthzBasepCopyoutInternalSecurityAttributes', 'Description' = %q CVE-2024-30088 is a Windows Kern...

Microsoft Windows TokenMagic Privilege Escalation Exploit

This Metasploit module leverages a UAC bypass TokenMagic in order to spawn a process/conduct a DLL hijacking attack to gain SYSTEM-level privileges. Windows 7 through Windows 10 1803 are affected. This module requires Metasploit: https://metasploit.com/download Current source:...

Microsoft Windows DrawIconEx Local Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/post/file' require 'msf/core/exploit/exe' require 'msf/core/post/windows/priv' class MetasploitModule 'Microsoft Windows DrawIconEx OOB Write Local...

Windows Net-NTLMv2 Reflection DCOM/RPC Exploit

This Metasploit module utilizes the Net-NTLMv2 reflection between DCOM/RPC to achieve a SYSTEM handle for elevation of privilege. Currently the module does not spawn as SYSTEM, however once achieving a shell, one can easily use incognito to impersonate the token. This module requires Metasploit:...

Microsoft Windows ALPC Task Scheduler Local Privilege Elevation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/post/file' require 'msf/core/post/windows/priv' require 'msf/core/post/windows/registry' TODO: Do we need this? require 'msf/core/exploit/exe' class...

Windows WMI Recieve Notification

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/post/windows/reflectivedllinjection' class MetasploitModule 'Windows WMI Recieve Notification Exploit', 'Description' = %q This module exploits an...

Windows Escalate UAC Protection Bypass (In Memory Injection) Abusing WinSXS Exploit

This Metasploit module will bypass Windows UAC by utilizing the trusted publisher certificate through process injection. It will spawn a second shell that has the UAC flag turned off by abusing the way "WinSxS" works in Windows systems. This Metasploit module uses the Reflective DLL Injection...

Windows WMI Receive Notification Exploit

This module exploits an uninitialized stack variable in the WMI subsystem of ntoskrnl. This module has been tested on vulnerable builds of Windows 7 SP0 x64 and Windows 7 SP1 x64. This module requires Metasploit: https://metasploit.com/download Current source:...

MS16-032 Secondary Logon Handle local mention the right vulnerability

No description provided by source. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/payloadgenerator' require 'msf/core/exploit/powershell' require 'rex' class MetasploitModule...

MS16-016 mrxdav.sys WebDav Local Privilege Escalation

This module exploits the vulnerability in mrxdav.sys described by MS16-016. The module will spawn a process on the target system and elevate its privileges to NT AUTHORITY\SYSTEM before executing the specified payload within the context of the elevated process. This module requires Metasploit:...