[Share] Collection of articles on Windows privilege escalation vulnerabilities
Posted on: 2023-3-20 17:11 9560


As a newcomer to the binary vulnerability field, I put together a simple summary while studying the articles shared by the experts here.
I will work through these vulnerabilities and articles gradually, and will update this list when I come across more later.

Kernel

Cat and mouse game: sharing ideas for hunting Windows kernel privilege escalation samples
https://mp.weixin.qq.com/s/j72DUDKS8MX4iA10WBs2XA
Windows kernel information leak techniques
https://github.com/sam-b/windows_kernel_address_leaks
Kernel attacks carried out through Windows user-mode callbacks
https://xiaodaozhi.com/exploit/29.html
Scoop the Windows 10 pool! (translation & reproduction) https://paper.seebug.org/1743/
Heap spraying
https://wooyun.js.org/drops/%E7%BE%8A%E5%B9%B4%E5%86%85%E6%A0%B8%E5%A0%86%E9%A3%8E%E6%B0%B4%EF%BC%9A%20%E2%80%9CBig%20Kids%E2%80%99%20Pool%E2%80%9D%E4%B8%AD%E7%9A%84%E5%A0%86%E5%96%B7%E6%8A%80%E6%9C%AF.html

HEVD

https://github.com/hacksysteam/HackSysExtremeVulnerableDriver
StackOverflow
StackOverflowGS
IntegerOverflow
UseAfterFree
TypeConfusion
ArbitraryWrite
DoubleFetch
UninitializedStackVariable
UninitializedHeapVariable
NullPointerDereference
Buffer Overflow NonPagedPool

UseAfterFree

CVE-2015-0057
https://www.anquanke.com/post/id/192604#h3-6
https://mp.weixin.qq.com/s/qfpE7VqHeOKbM-F7JQ1x0Q
CVE-2015-2546
https://xiaodaozhi.com/exploit/122.html
CVE-2016-0167
https://xiaodaozhi.com/exploit/135.html
CVE-2016-3308
https://xz.aliyun.com/t/4543
https://github.com/55-AA/CVE-2016-3308/blob/master/CVE-2016-3308.md
CVE-2017-0263
https://xiaodaozhi.com/exploit/71.html
CVE-2018-8453
https://xz.aliyun.com/t/8614
CVE-2019-0623
https://mp.weixin.qq.com/s/5KFEKs2jepivBSSdCsHefA

NullPointerDereference

CVE-2018-8120
https://bbs.kanxue.com/thread-272273.htm
CVE-2019-0808
https://www.anquanke.com/post/id/218837
CVE-2019-1132
https://mp.weixin.qq.com/s/ar5vcvZxLGXX4KMqzkO8vg

IntegerOverflow

CVE-2016-0165
https://xiaodaozhi.com/exploit/32.html
CVE-2016-3309
https://bbs.kanxue.com/thread-272931.htm
CVE-2017-0101
https://xiaodaozhi.com/exploit/70.html
CVE-2020-0796
https://www.anquanke.com/post/id/215953
CVE-2021-31956
https://dawnslab.jd.com/CVE-2021-31956/
https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458431722&idx=1&sn=f062bf8326f24fd15293f7aec4b4c07f&chksm=b18f806086f8097679ec1455577d09b2d236c2e4feb584c7918b610591398f2ffcf21ccf157e&scene=27

TypeConfusion

CVE-2021-1732
https://www.anquanke.com/post/id/241804
CVE-2022-21882
http://blog.topsec.com.cn/cve-2022-21882-win32k%E5%86%85%E6%A0%B8%E6%8F%90%E6%9D%83%E6%BC%8F%E6%B4%9E%E6%B7%B1%E5%85%A5%E5%88%86%E6%9E%90/
CVE-2016-7255
https://mp.weixin.qq.com/s/aYfBtnQQNiA2aU_ro3OhzA

Uninitialized Variable

CVE-2019-1458
https://thunderjie.github.io/2020/03/21/CVE-2019-1458-%E4%BB%8E-%E6%BC%8F%E6%B4%9E%E6%8A%A5%E5%91%8A-%E5%88%B0POC%E7%9A%84%E7%BC%96%E5%86%99%E8%BF%87%E7%A8%8B/

ArbitraryWrite (out-of-bounds write)

CVE-2020-1054
https://www.anquanke.com/post/id/209329#h2-0

Pool Overflow

CVE-2022-21916
https://paper.seebug.org/1920/

Other

CVE-2020-1170
https://itm4n.github.io/cve-2020-1170-windows-defender-eop/
CVE-2020-1048
https://mp.weixin.qq.com/s/1FyUakK_u_LUKHeSFu52Ew
CVE-2021-1675
https://paper.seebug.org/1699/
CVE-2023-21746
https://github.com/decoder-it/LocalPotato
