您的位置:首页 > 编程语言 > ASP

Windows内核利用表

2020-07-29 00:00 776 查看

行业解决方案、产品招募中!想赚钱就来传!>>>

马铃薯(高)

MS09-012(高)
MS10_015(高)
MS10-047(低)
MS10-059(高)
MS10-073(中)
MS10-092(高)
MS11-011(中)
MS11-046(高)
MS11-062(高)
MS11-080(高)
MS13-005(中)
MS13-053(中)
MS13-081(中)
MS14-002(高)
MS14-026(低)
MS14-040(高)
MS14_058(高)
MS14-068(中)
MS14_070(高)
MS15_004(中)
MS15-010(中)
MS15-051(中)
MS15-076(中)
MS15-078(中)
MS15-102(中)
MS16-014(高)
MS16-016(高)
MS16-032(高)
MS16-034(非常低)
MS16-075(中)
MS16-098(高)
MS16-135(高)

Potato (high)

受影响的版本

不依赖于操作系统版本

利用数据库

未找到

github 

https://github.com/ohpe/juicy-potato/releases
https://github.com/foxglovesec/RottenPotato

metasploit

MS09-012 (high)

受影响的版本

Microsoft Windows 2000 Service Pack 4
Windows XP Service Pack 2 / Windows XP Service Pack 3
Windows XP Professional x64 Edition / Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 1 / Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition / Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP1 for Itanium-based Systems / Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista / Windows Vista Service Pack 1
Windows Vista x64 Edition / Windows Vista x64 Edition Service Pack 1
Windows Server 2008 for 32-bit Systems
Windows Server 2008 for x64-based Systems
Windows Server 2008 for Itanium-based Systems

利用数据库

https://www.exploit-db.com/exploits/6705 (Microsoft Windows Server 2003 - Token Kidnapping Local Privilege Escalation)

github 

https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS09-012
https://github.com/Re4son/Chimichurri

metasploit

MS09-015 (high)

受影响的版本

Windows Server 2003, Windows Server 2008, 7, XP
Microsoft Windows 2000 Service Pack 4
Windows XP Service Pack 2 \ Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista、Windows Vista Service Pack 1 \ Windows Vista Service Pack 2
Windows Vista x64 Edition、Windows Vista x64 Edition Service Pack 1 \ Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems \ Windows Server 2008 for 32-bit Systems Service Pack 2*
Windows Server 2008 for x64-based Systems \ Windows Server 2008 for x64-based Systems Service Pack 2*
Windows Server 2008 for Itanium-based Systems \ Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems

利用数据库

https://www.exploit-db.com/exploits/11199  Microsoft Windows NT/2000/2003/2008/XP/Vista/7 - 'KiTrap0D' User Mode to Ring Escalation (MS10-015)

github 

https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS10-015
https://github.com/am0nsec/exploit/tree/master/windows/privs/MS10-015-KiTrap0D

metasploit

exploit/windows/local/ms10_015_kitrap0d

MS09-019 (high)

受影响的版本

Windows Vista Service Pack 1 \ Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 1 \ Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems \ Windows Server 2008 for 32-bit Systems Service Pack 2*
Windows Server 2008 for x64-based Systems \ Windows Server 2008 for x64-based Systems Service Pack 2*
Windows Server 2008 for Itanium-based Systems \ Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems
Windows 7 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems*
Windows Server 2008 R2 for Itanium-based Systems

利用数据库

github 

https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS10-059

metasploit

MS09-019 (中)

受影响的版本

Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 SP2(用于基于Itanium的系统)
Windows Vista Service Pack 1和Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 1和Windows Vista x64 Edition Service Pack 2
Windows Server 2008(用于32位系统)Windows Server 2008 Service Pack 2(用于32位系统)*
Windows Server 2008(用于基于x64的系统)和Windows Server 2008(用于基于x64的系统) Service Pack 2 *
Windows Server 2008(用于基于Itanium的系统)和Windows Server 2008(用于基于Itanium的系统)Service Pack 2
Windows 7(用于32位系统)
Windows 7(用于基于x64的系统)
Windows Server 2008 R2(用于基于x64的系统)*
Windows Server 2008 R2(用于基于Itanium的系统)

利用数据库

https://www.exploit-db.com/exploits/15985

github 

metasploit

post/windows/escalate/ms10_073_kbdlayout

MS09-092(高)

受影响的版本

Windows Vista Service Pack 1和Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 1和Windows Vista x64 Edition Service Pack 2
Windows Server 2008(用于32位系统)和Windows Server 2008(用于32位系统)Service Pack 2 *
Windows Server 2008用于基于x64的系统和Windows Server 2008(用于基于x64的系统)Service Pack 2 *
Windows Server 2008(用于基于Itanium的系统)和Windows Server 2008(用于基于Itanium的系统)Service Pack 2
Windows 7(用于32位系统)
Windows 7(用于x64-基于
Windows Server 2008 R2(用于基于x64的系统)
Windows Server 2008 R2(用于基于Itanium的系统)

利用数据库

https://www.exploit-db.com/exploits/19930

github 

https://git
7b4
hub.com/SecWiki/windows-kernel-exploits/tree/master/MS10-092

metasploit

exploit/windows/local/ms10_092_schelevator

MS11-011(中)

受影响的版本

Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 SP2(用于基于Itanium的系统)
Windows Vista Service Pack 1
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 1
Windows Vista x64 Edition Service Pack 2
Windows Server 2008(用于32位系统)
Windows Server 2008(用于32位系统)Service Pack 2 *
Windows Server 2008(用于基于x64的系统)
Windows Server 2008(用于基于x64的系统)系统Service Pack 2 *
Windows Server 2008(用于基于Itanium的系统)
Windows Server 2008 Service Pack 2(用于基于Itanium的系统)
Windows 7(用于32位系统)
Windows 7(用于基于x64的系统)
Windows Server 2008 R2(用于基于x64的系统)*
Windows Server 2008 R2(用于基于Itanium的系统)

利用数据库

https://www.exploit-db.com/exploits/16262

github 

https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS11-011

metasploit

MS11-046(高)

受影响的版本

#Windows XP SP3 x86
#Windows XP Pro SP2 x64
#Windows Server 2003 SP2 x86
#Windows Server 2003 SP2 x64
#Windows Server 2003 SP2基于Itanium的系统
#Windows Vista SP1 x86
#Windows Vista SP2 x86
#Windows Vista SP1 x64
#Windows Vista SP2 x64
#Windows Server 2008 x86
#Windows Server 2008 SP2 x86
#Windows Server 2008 x64
#Windows Server 2008 SP2 x64
#Windows Server 2008基于Itanium的系统
#Windows Server 2008 SP2基于Itanium的系统
#Windows 7 x86
# Windows 7 SP1 x86
#Windows 7 x64
#Windows 7 SP1 x64
#Windows Server 2008 R2 x64
#Windows Server 2008 R2 SP1 x64
#Windows Server 20 1ff9 08 R2基于Itanium的系统
#Windows Server 2008 R2 SP1基于Itanium的系统
#Windows XP SP3 x86
#Windows Server 2003 SP2 x86
#Windows Vista SP1 x86
#Windows Vista SP2 x86
#Windows Server 2008 x86
#Windows Server 2008 SP2 x86
#Windows 7 x86
#Windows 7 SP1 x86
XP Pro SP3 x86 ZH [5.1.2600]
#Windows Server 2003 Ent SP2 EN [5.2.3790]
#Windows Vista Ult SP1 x86 EN [6.0.6001]
#Windows Vista Ult SP2 x86 ZH [6.0.6002]#Windows
Server 2008 That SP1 x86 ZH [6.0.6001]
#Windows Server 2008 Ent SP2 x86 ZH [6.0.6002]#Windows
7 HB x86 EN [6.1.7600]
# Windows 7 Ent SP1 x86 ZH [6.1.7601]

利用数据库

https://www.exploit-db.com/exploits/40564

github 

https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS11-046
https://github.com/am0nsec/exploit/tree/master/windows/privs/MS11-046

metasploit

MS11-062(高)

受影响的版本

远程访问服务NDISTAPI驱动程序的NDISTAPI.sys组件中存在一个特权提升漏洞。
此漏洞是由NDISTAPI 驱动程序在将数据从用户模式传递到Windows内核时不正确地验证用户提供的输入而引起的。
攻击者必须具有有效的登录凭据,并且能够在本地登录以利用此漏洞。
成功利用此漏洞的攻击者可以在内核模式下运行任意代码(即,具有NT AUTHORITY \ SYSTEM特权)

Windows XP SP3 x86
Windows XP Pro SP2 x64
Windows Server 2003 SP2 x86
Windows Server 2003 SP2 x64
Windows Server 2003 SP2基于Itanium的系统
Windows XP SP3 x86
Windows Server 2003 SP2 x86
Windows Server 2003 Ent SP2 ZH [5.2.3790]


利用数据库

https://www.exploit-db.com/exploits/40627

github 

https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS11-062

metasploit

MS11-080(高)

受影响的版本

Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 SP2(用于基于Itanium的系统)

利用数据库

https://www.exploit-db.com/exploits/18176
https://www.exploit-db.com/exploits/21844

github 

https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS11-080
https://github.com/am0nsec/exploit/tree/master/windows/privs/MS11-080

metas 2000 ploit

exploit/windows/local/ms11_080_afdjoinleaf

MS13-005(高)

受影响的版本

Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008(用于32位系统)Service Pack 2
Windows Server 2008(用于基于x64的系统)Service Pack 2
Windows Server 2008(用于基于Itanium的系统)Service Pack 2
Windows 7(用于32-位系统
Windows 7(用于32位系统)Service Pack 1
Windows 7(用于基于x64的系统)
Windows 7(用于基于x64的系统)Service Pack 1
Windows Server 2008 R2(用于基于x64的系统)
Windows Server 2008 R2(用于基于x64的系统)Service Pack 1
Windows Server 2008 R2(用于基于Itanium的系统)
Windows Server 2008 R2(用于基于Itanium的系统)Service Pack 1
Windows 8(用于32位系统)
Windows 8(用于64位系统)
Windows Server 2012
Windows RT
Windows Server 2008(用于32位系统)Service Pack 2
Windows Server 2008(用于基于x64的系统)Service Pack 2
Windows Server 2008 R2(用于基于x64的系统)
Windows Server 2008 R2(用于x64-基于系统)Service Pack 1

利用数据库

https://www.exploit-db.com/exploits/24485

github 

https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS13-005

metasploit

exploit/windows/local/ms13_005_hwnd_broadcast

MS13-053(中)

受影响的版本

Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 SP2(用于基于Itanium的系统)
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008(用于32位系统的Service Pack 2)
Windows Server 2008(用于基于x64的系统)Service Pack 2
Windows Server 2008(用于基于Itanium的系统)Service Pack 2
Windows 7(用于32位系统)Service Pack 1
Windows 7(用于基于x64的系统Service)包1
Windows Server 2008 R2(用于基于x64的系统)Service Pack 1
Windows Server 2008 R2(用于基于Itanium的系统)Service Pack 1
Windows 8(用于32位系统)
Windows 8(用于64位系统)
Windows Server 2012
Windows RT [1](2850851)

利用数据库

https://www.exploit-db.com/exploits/33213

github 

https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS13-053

metasploit

 exploit/windows/local/ms13_053_schlamperei

MS13-081(中)

受影响的版本

Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 SP2(用于基于Itanium的系统)
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008(用于32位系统的Service Pack 2)
Windows Server 2008(用于基于x64的系统)Service Pack 2
Windows Server 2008(用于基于Itanium的系统)Service Pack 2
Windows 7(用于32位系统)Service Pack 1
Windows 7(用于基于x64的系统Service)包1
Windows Server 2008 R2(用于基于x64的系统)Service Pack 1
Windows Server 2008 R2(用于基于Itanium的系统)Service Pack 1
Windows 8(用于32位系统)
Windows 8(用于64位系统)
Windows Server 2012
Win 2000 dows RT
Windows Server 2008(用于32位系统)Service Pack 2(服务器核心安装)
Windows Server 2008(用于基于x64的系统)Service Pack 2(服务器核心安装) )
Windows Server 2008 R2(用于基于x64的系统)Service Pack 1(服务器核心安装)
Windows Server 2012(服务器核心安装)

利用数据库

https://www.exploit-db.com/exploits/31576

github 

metasploit

 exploit/windows/local/ms13_081_track_popup_menu

MS14-002(中)

受影响的版本

Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 SP2(用于基于Itanium的系统)

利用数据库

https://www.exploit-db.com/exploits/30014
https://www.exploit-db.com/exploits/37732

github 

https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS14-002
https://github.com/am0nsec/exploit/tree/master/windows/privs/MS14-002

metasploit

exploit/windows/local/ms_ndproxy

MS14-040(高)

受影响的版本

Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 SP2(用于基于Itanium的系统)
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008(用于32位系统)Service Pack 2
Windows Server 2008用于基于x64的系统Service Pack 2
Windows Server 2008(用于基于Itanium的系统)Service Pack 2
Windows 7(用于32位系统)Service Pack 1
用于Windows 7(用于基于x64的系统)Service Pack 1用于
Windows Server 2008 R2(用于基于x64的系统)Service Pack 1
Windows Server 2008 R2(用于基于Itanium的系统)Service Pack 1
Windows 8(用于32位系统)
Windows 8(用于基于x64的系统)
Windows 8.1(用于32位系统)
Windows 8.1(用于32位系统[2])(2973408)
Windows 8.1(用于基于x64的系统)
Windows Server 2012
[Windows Server 2012 R2
Windows RT [3](2961072)
Windows RT 8.1 [1] [ 3](2961072)

利用数据库

https://www.exploit-db.com/exploits/39446

github 

https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS14-040

metasploit

MS14-058(高)

受影响的版本

Windows Server 2003,Windows Server 2008,Windows Server 2012、7、8
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 SP2(用于基于Itanium的系统)
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008(用于32位系统)Service Pack 2
Windows Server 2008(用于基于x64系统的服务)2
Windows Server 2008(用于基于Itanium的系统)Service Pack 2
Windows 7(用于32位系统)Service Pack 1
Windows 7(用于基于x64的系统)系统Service Pack 1
Windows Server 2008 R2(用于基于x64的系统)Service Pack 1
Windows Server 2008 R2(用于基于Itanium的系统)Service Pack 1
Windows 8(用于32位系统)
Windows 8(用于基于x64的系统)
Windows 8.1(用于基于x64的系统)Windows 8.1(用于基于x64的系统)
Windows Server 2012
Windows Server 2012 R2
Windows RT [1](3000061)
Windows RT 8.1 [1]( 3000061)
Windows Server 2008(用于32位系统)Service Pack 2
Windows Server 2008(用于基于x64的系统)Service Pack 2
Windows Server 2008 R2(用于基于x64的系统)Service Pack 1)

利用数据库

https://www.exploit-db.com/exploits/39666
https://www.exploit-db.com/exploits/35101

github 

https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS14-058

metasploit

exploit/windows/local/ms14_058_track_popup_menu

MS14-070(高)

受影响的版本

Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 SP2(用于基于Itanium的系统)

利用数据库

https://www.exploit-db.com/exploits/37755
https://www.exploit-db.com/exploits/35936

github 

https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS14-070

metasploit

exploit/windows/local/ms14_070_tcpip_ioctl

MS15-051(高)

受影响的版本

Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 SP2(用于基于Itanium的系统)
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008(用于32位系统)Service Pack 2
Windows Server 2008用于基于x64的系统Service Pack 2
Windows Server 2008(用于基于Itanium的系统)Service Pack 2
Windows 7(用于32位系统)Service Pack 1
Windows 7(用于基于x64的系统)Service Pack 1
Windows Server 2008 R2(用于基于x64的系统)Service Pack 1
Windows Server 2008 R2(用于基于Itanium的系统)Service Pack 1
Windows 8(用于32位系统)
Windows 8(用于基于x64的系统)
Windows 8.1(用于32位系统)
Windows 8.1(用于基于x64的系统)
Windows Server 2012
Windows Server 2012 R2
Windows RT [1](3045171)
Windows RT 8.1 [1](3045171)
Windows Server 2008(用于32位系统)Service Pack 2
Windows Server 2008 R2(用于基于x64的系统)Service Pack 2
Windows Server 2008 R2(用于基于x64的系统)Service Pack 1

利用数据库

https://www.exploit-db.com/exploits/37367
https://www.exploi 1ff0 t-db.com/exploits/37049

github 

https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS15-051
https://github.com/jivoi/pentest/blob/master/exploit_win/ms15-051

metasploit

exploit/windows/local/ms15_051_client_copy_image

MS15-076(高)

受影响的版本

Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 SP2(用于基于Itanium的系统)
Windows Server 2003 R2 Service Pack 2
Windows Server 2003 R2 x64 Edition Service Pack 2
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008(用于32位系统)Service Pack 2
Windows Server 2008(用于基于x64的系统)Service Pack 2
Windows Server 2008(用于基于Itanium的系统)Service Pack 2
Windows 7(用于32位系统)Service Pack 1
Windows 7(用于x64-基于
Windows Server 2008 R2的基于x64的系统Service Pack 1
Windows Server 2008 R2(用于基于Itanium的系统)Service Pack 1
Windows 8(用于32位系统)
Windows 8(用于基于x64系统)
Windows 8.1(用于32位系统)
Windows 8.1(用于基于x64系统)
Windows Server 2012
Windows Server 2012 R2
Windows RT [ 1](3067505)
Windows RT 8.1 [1](3067505)

利用数据库

https://www.exploit-db.com/exploits/37768

github 

https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS15-076

metasploit

MS16-014(高)

受影响的版本

Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008(用于32位系统)Service Pack 2
Windows Server 2008(用于基于x64的系统)Service Pack 2
Windows Server 2008(用于基于Itanium的系统)Service Pack 2
Windows 7(用于32-位系统Service Pack 1
Windows 7(用于基于x64的系统)Service Pack 1
Windows Server 2008 R2(用于基于x64的系统)Service Pack 1
Windows Server 2008 R2(用于基于Itanium的系统)Service Pack 1
Windows 8.1(用于32位系统)
Windows 8.1(用于x64)基于
Windows Server 2012
Windows Server 2012 R2
Windows RT 8.1 [1](3126587)
Windows RT 8.1 [1](3126593)
Windows 10(用于32位系统)
Windows 10(用于基于x64的系统)
Windows 10版本1511(用于32位系统)
Windows 10版本1511(用于基于x64系统)
Windows Server 2008(用于32位系统)Service Pack 2
Windows Server 2008(用于基于x64的系统)Service Pack 2
Windows Server 2008 R2(用于基于x64的系统)Service Pack 1

利用数据库

https://www.exploit-db.com/exploits/40039
https://www.exploit-db.com/exploits/39442

github 

https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS16-014

metasploit

 exploit/windows/local/ms16_014_wmi_recv_notif


MS16-016(高)

受影响的版本

Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008(用于32位系统)Service Pack 2
Windows Server 2008(用于基于x64的系统)Service Pack 2
Windows 7(用于32位系统)Service Pack 1
Windows 7(用于基于x64的系统)系统Service Pack 1
Windows Server 2008 R2(用于基于x64的系统)Service Pack 1

利用数据库

https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS16-014
https://www.exploit-db.com/exploits/39788
https://www.exploit-db.com/exploits/39432

github 

https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS16-016

metasploit

exploit/windows/local/ms16_016_webdav

MS16-032(高)

受影响的版本

Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008(用于32位系统)Service Pack 2
Windows Server 2008(用于基于x64的系统)Service Pack 2
Windows Server 2008(用于基于Itanium的系统)Service Pack 2
Windows 7(用于32-位系统Service Pack 1
Windows 7(用于基于x64的系统)Service Pack 1
Windows Server 2008 R2(用于基于x64的系统)Service Pack 1
Windows Server 2008 R2(用于基于Itanium的系统)Service Pack 1
Windows 8.1(用于32位系统)
Windows 8.1(用于x64)基于
Windows Server 2012
Windows Server 2012 R2
Windows RT 8.1 [1](3139914)
Windows 10(用于32位系统)
Windows 10(用于基于x64的系统)
Windows 10版本1511(用于32位系统)
Windows 10版本1511(用于基于x64的系统)

利用数据库

https://www.exploit-db.com/exploits/39719
https://www.exploit-db.com/exploits/39574
https://www.exploit-db.com/exploits/39809
https://www.exploit-db.com/exploits/40107

github 

https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS16-032

metasploit

exploit/windows/local/ms16_032_secondary_logon_handle_privesc

MS16-098(高)

受影响的版本

Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008(用于32位系统)Service Pack 2
Windows Server 2008(用于基于x64的系统)Service Pack 2
Windows Server 2008(用于基于Itanium的系统)Service Pack 2
Windows 7(用于32-位系统Service Pack 1
Windows 7(用于基于x64的系统)Service Pack 1
Windows Server 2008 R2(用于基于x64的系统)Service Pack 1
Windows Server 2008 R2(用于基于Itanium的系统)Service Pack 1
Windows 8.1(用于32位系统)
Windows 8.1(用于x64)基于
Windows Server 2012
Windows Server 2012 R2
Windows RT 8.1 [1](3177725)
Windows 10(用于32位系统)
Windows 10(用于基于x64的系统)
Windows 10版本1511(用于32位系统)
Windows 10版本1511(用于基于x64系统)
Windows 10版本1607(用于32位系统)
Windows 10版本1607(用于基于x64系统)

利用数据库

https://www.exploit-db.com/exploits/41020
https://www.exploit-db.com/exploits/42435

github 

https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS16-098
https://github.com/sensepost/ms16-098

1ff8 metasploit

MS16-135(高)

受影响的版本

Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008(用于32位系统)Service Pack 2
Windows Server 2008(用于基于x64的系统)Service Pack 2
Windows Server 2008(用于基于Itanium的系统)Service Pack 2
Windows 7(用于32-位系统Service Pack 1
Windows 7(用于基于x64的系统)Service Pack 1
Windows Server 2008 R2(用于基于x64的系统)Service Pack 1
Windows Server 2008 R2(用于基于Itanium的系统)Service Pack 1
Windows 8.1(用于32位系统)
Windows 8.1(用于x64)基于
Windows Server 2012
Windows Server 2012 R2
Windows 10(用于32位系统)
Windows 10(用于基于x64的系统)
适用于32位系统的
Windows 10版本1511适用于基于x64 系统的Windows 10版本1511适用于基于x64系统的
Windows Server 2016

利用数据库

https://www.exploit-db.com/exploits/41015
https://www.exploit-db.com/exploits/40823

github 

https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS16-135
https://github.com/FuzzySecurity/PSKernel-Primitives/blob/master/Sample-Exploits/MS16-135/MS16-135.ps1

metasploit


内容收集互联网,仅学习研究,请勿利用非法攻击


渗透测试 红队攻防 免杀 权限维持 等等技术 及时分享最新漏洞复现以及EXP 国内外最新技术分享!!!

进来一起学习吧



本文分享自微信公众号 - 黑白天(li0981jing)。
如有侵权,请联系 support@oschina.cn 删除。
本文参与“OSC源创计划”,欢迎正在阅读的你也加入,一起分享。

内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 点击这里给我发消息
标签:  github metasploit