SecWiki 操作系统提权漏洞整理集合 程序源码

new4 2017-6-9 21536

为了提高大家渗透测试后期提权的效率,我们在前段时间发起了一个项目。这个项目的内容主要是对Windows和Linux的一些exp的整理,现在我们把已经整理的exp分享出来,以飨读者。特别感谢 @Harnerx 的辛苦劳动。  

Windows平台提权漏洞集合 https://github.com/SecWiki/windows-kernel-exploits  

Linux平台提权漏洞集合 https://github.com/SecWiki/linux-kernel-exploits


linux-kernel-exploits

简介

linux-kernel-exploits


漏洞列表

#CVE  #Description  #Kernels

  • CVE-2017-1000367  [Sudo]
    (Sudo 1.8.6p7 - 1.8.20)

  • CVE-2017-7494  [Samba Remote execution]
    (Samba 3.5.0-4.6.4/4.5.10/4.4.14)

  • CVE-2016-5195  [Dirty cow]
    (Linux kernel>2.6.22 (released in 2007))

  • CVE-2016-0728  [pp_key]
    (3.8.0, 3.8.1, 3.8.2, 3.8.3, 3.8.4, 3.8.5, 3.8.6, 3.8.7, 3.8.8, 3.8.9, 3.9, 3.10, 3.11, 3.12, 3.13, 3.4.0, 3.5.0, 3.6.0, 3.7.0, 3.8.0, 3.8.5, 3.8.6, 3.8.9, 3.9.0, 3.9.6, 3.10.0, 3.10.6, 3.11.0, 3.12.0, 3.13.0, 3.13.1)

  • CVE-2015-1328  [overlayfs]
    (3.13, 3.16.0, 3.19.0)

  • CVE-2014-0196  [rawmodePTY]
    (2.6.31, 2.6.32, 2.6.33, 2.6.34, 2.6.35, 2.6.36, 2.6.37, 2.6.38, 2.6.39, 3.14, 3.15)

  • CVE-2014-0038  [timeoutpwn]
    (3.4, 3.5, 3.6, 3.7, 3.8, 3.8.9, 3.9, 3.10, 3.11, 3.12, 3.13, 3.4.0, 3.5.0, 3.6.0, 3.7.0, 3.8.0, 3.8.5, 3.8.6, 3.8.9, 3.9.0, 3.9.6, 3.10.0, 3.10.6, 3.11.0, 3.12.0, 3.13.0, 3.13.1)

  • CVE-2013-2094  [perf_swevent]
    (3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.1.0, 3.2, 3.3, 3.4.0, 3.4.1, 3.4.2, 3.4.3, 3.4.4, 3.4.5, 3.4.6, 3.4.8, 3.4.9, 3.5, 3.6, 3.7, 3.8.0, 3.8.1, 3.8.2, 3.8.3, 3.8.4, 3.8.5, 3.8.6, 3.8.7, 3.8.8, 3.8.9)

  • CVE-2013-0268  [msr]
    (2.6.18, 2.6.19, 2.6.20, 2.6.21, 2.6.22, 2.6.23, 2.6.24, 2.6.25, 2.6.26, 2.6.27, 2.6.27, 2.6.28, 2.6.29, 2.6.30, 2.6.31, 2.6.32, 2.6.33, 2.6.34, 2.6.35, 2.6.36, 2.6.37, 2.6.38, 2.6.39, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.1.0, 3.2, 3.3, 3.4, 3.5, 3.6, 3.7.0, 3.7.6)

  • CVE-2012-0056  [memodipper]
    (2.6.39, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.1.0)

  • CVE-2010-4347  [american-sign-language]
    ( 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 2.6.7, 2.6.8, 2.6.9, 2.6.10, 2.6.11, 2.6.12, 2.6.13, 2.6.14, 2.6.15, 2.6.16, 2.6.17, 2.6.18, 2.6.19, 2.6.20, 2.6.21, 2.6.22, 2.6.23, 2.6.24, 2.6.25, 2.6.26, 2.6.27, 2.6.28, 2.6.29, 2.6.30, 2.6.31, 2.6.32, 2.6.33, 2.6.34, 2.6.35, 2.6.36)

  • CVE-2010-4258  [full-nelson]
    (2.6.31, 2.6.32, 2.6.35, 2.6.37)

  • CVE-2010-4073  [half_nelson]
    (2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 2.6.7, 2.6.8, 2.6.9, 2.6.10, 2.6.11, 2.6.12, 2.6.13, 2.6.14, 2.6.15, 2.6.16, 2.6.17, 2.6.18, 2.6.19, 2.6.20, 2.6.21, 2.6.22, 2.6.23, 2.6.24, 2.6.25, 2.6.26, 2.6.27, 2.6.28, 2.6.29, 2.6.30, 2.6.31, 2.6.32, 2.6.33, 2.6.34, 2.6.35, 2.6.36)

  • CVE-2010-3904  [rds]
    (2.6.30, 2.6.31, 2.6.32, 2.6.33, 2.6.34, 2.6.35, 2.6.36)

  • CVE-2010-3437  [pktcdvd]
    (2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 2.6.7, 2.6.8, 2.6.9, 2.6.10, 2.6.11, 2.6.12, 2.6.13, 2.6.14, 2.6.15, 2.6.16, 2.6.17, 2.6.18, 2.6.19, 2.6.20, 2.6.21, 2.6.22, 2.6.23, 2.6.24, 2.6.25, 2.6.26, 2.6.27, 2.6.28, 2.6.29, 2.6.30, 2.6.31, 2.6.32, 2.6.33, 2.6.34, 2.6.35, 2.6.36)

  • CVE-2010-3301  [ptrace_kmod2]
    (2.6.26, 2.6.27, 2.6.28, 2.6.29, 2.6.30, 2.6.31, 2.6.32, 2.6.33, 2.6.34)

  • CVE-2010-3081  [video4linux]
    (2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 2.6.7, 2.6.8, 2.6.9, 2.6.10, 2.6.11, 2.6.12, 2.6.13, 2.6.14, 2.6.15, 2.6.16, 2.6.17, 2.6.18, 2.6.19, 2.6.20, 2.6.21, 2.6.22, 2.6.23, 2.6.24, 2.6.25, 2.6.26, 2.6.27, 2.6.28, 2.6.29, 2.6.30, 2.6.31, 2.6.32, 2.6.33)

  • CVE-2010-2959  [can_bcm]
    (2.6.18, 2.6.19, 2.6.20, 2.6.21, 2.6.22, 2.6.23, 2.6.24, 2.6.25, 2.6.26, 2.6.27, 2.6.28, 2.6.29, 2.6.30, 2.6.31, 2.6.32, 2.6.33, 2.6.34, 2.6.35, 2.6.36)

  • CVE-2010-1146  [reiserfs]
    (2.6.18, 2.6.19, 2.6.20, 2.6.21, 2.6.22, 2.6.23, 2.6.24, 2.6.25, 2.6.26, 2.6.27, 2.6.28, 2.6.29, 2.6.30, 2.6.31, 2.6.32, 2.6.33, 2.6.34)

  • CVE-2010-0415  [do_pages_move]
    (2.6.18, 2.6.19, 2.6.20, 2.6.21, 2.6.22, 2.6.23, 2.6.24, 2.6.25, 2.6.26, 2.6.27, 2.6.28, 2.6.29, 2.6.30, 2.6.31)

  • CVE-2009-3547  [pipe.c_32bit]
    (2.4.4, 2.4.5, 2.4.6, 2.4.7, 2.4.8, 2.4.9, 2.4.10, 2.4.11, 2.4.12, 2.4.13, 2.4.14, 2.4.15, 2.4.16, 2.4.17, 2.4.18, 2.4.19, 2.4.20, 2.4.21, 2.4.22, 2.4.23, 2.4.24, 2.4.25, 2.4.26, 2.4.27, 2.4.28, 2.4.29, 2.4.30, 2.4.31, 2.4.32, 2.4.33, 2.4.34, 2.4.35, 2.4.36, 2.4.37, 2.6.15, 2.6.16, 2.6.17, 2.6.18, 2.6.19, 2.6.20, 2.6.21, 2.6.22, 2.6.23, 2.6.24, 2.6.25, 2.6.26, 2.6.27, 2.6.28, 2.6.29, 2.6.30, 2.6.31)

  • CVE-2009-2698  [udp_sendmsg_32bit]
    (2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 2.6.7, 2.6.8, 2.6.9, 2.6.10, 2.6.11, 2.6.12, 2.6.13, 2.6.14, 2.6.15, 2.6.16, 2.6.17, 2.6.18, 2.6.19)

  • CVE-2009-2692  [sock_sendpage]
    (2.4.4, 2.4.5, 2.4.6, 2.4.7, 2.4.8, 2.4.9, 2.4.10, 2.4.11, 2.4.12, 2.4.13, 2.4.14, 2.4.15, 2.4.16, 2.4.17, 2.4.18, 2.4.19, 2.4.20, 2.4.21, 2.4.22, 2.4.23, 2.4.24, 2.4.25, 2.4.26, 2.4.27, 2.4.28, 2.4.29, 2.4.30, 2.4.31, 2.4.32, 2.4.33, 2.4.34, 2.4.35, 2.4.36, 2.4.37, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 2.6.7, 2.6.8, 2.6.9, 2.6.10, 2.6.11, 2.6.12, 2.6.13, 2.6.14, 2.6.15, 2.6.16, 2.6.17, 2.6.18, 2.6.19, 2.6.20, 2.6.21, 2.6.22, 2.6.23, 2.6.24, 2.6.25, 2.6.26, 2.6.27, 2.6.28, 2.6.29, 2.6.30)

  • CVE-2009-2692  [sock_sendpage2]
    (2.4.4, 2.4.5, 2.4.6, 2.4.7, 2.4.8, 2.4.9, 2.4.10, 2.4.11, 2.4.12, 2.4.13, 2.4.14, 2.4.15, 2.4.16, 2.4.17, 2.4.18, 2.4.19, 2.4.20, 2.4.21, 2.4.22, 2.4.23, 2.4.24, 2.4.25, 2.4.26, 2.4.27, 2.4.28, 2.4.29, 2.4.30, 2.4.31, 2.4.32, 2.4.33, 2.4.34, 2.4.35, 2.4.36, 2.4.37, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 2.6.7, 2.6.8, 2.6.9, 2.6.10, 2.6.11, 2.6.12, 2.6.13, 2.6.14, 2.6.15, 2.6.16, 2.6.17, 2.6.18, 2.6.19, 2.6.20, 2.6.21, 2.6.22, 2.6.23, 2.6.24, 2.6.25, 2.6.26, 2.6.27, 2.6.28, 2.6.29, 2.6.30)

  • CVE-2009-1337  [exit_notify]
    (2.6.25, 2.6.26, 2.6.27, 2.6.28, 2.6.29)

  • CVE-2009-1185  [udev]
    (2.6.25, 2.6.26, 2.6.27, 2.6.28, 2.6.29)

  • CVE-2008-4210  [ftrex]
    (2.6.11, 2.6.12, 2.6.13, 2.6.14, 2.6.15, 2.6.16, 2.6.17, 2.6.18, 2.6.19, 2.6.20, 2.6.21, 2.6.22)

  • CVE-2008-0600  [vmsplice2]
    (2.6.23, 2.6.24)

  • CVE-2008-0600  [vmsplice1]
    (2.6.17, 2.6.18, 2.6.19, 2.6.20, 2.6.21, 2.6.22, 2.6.23, 2.6.24, 2.6.24.1)

  • CVE-2006-3626  [h00lyshit]
    (2.6.8, 2.6.10, 2.6.11, 2.6.12, 2.6.13, 2.6.14, 2.6.15, 2.6.16)

  • CVE-2006-2451  [raptor_prctl]
    (2.6.13, 2.6.14, 2.6.15, 2.6.16, 2.6.17)

  • CVE-2004-1235  [elflbl]
    (2.4.29)

  • CVE-N/A  [caps_to_root]
    (2.6.34, 2.6.35, 2.6.36)

  • CVE-2004-0077  [mremap_pte]
    (2.4.20, 2.2.24, 2.4.25, 2.4.26, 2.4.27)

  • CVE-2005-0736  [krad3]
    (2.6.5, 2.6.7, 2.6.8, 2.6.9, 2.6.10, 2.6.11)

项目维护

免责说明

请勿用于非法的用途,否则造成的严重后果与本项目无关。

参考链接



windows-kernel-exploits

简介

windows-kernel-exploits


漏洞列表

#Security Bulletin   #KB     #Description    #Operating System
  • CVE-2017-0213  [Windows COM Elevation of Privilege Vulnerability]  (windows 10/8.1/7/2016/2010/2008)
  • MS17-010  [KB4013389]  [Windows Kernel Mode Drivers]  (windows 7/2008/2003/XP)
  • MS16-135  [KB3199135]  [Windows Kernel Mode Drivers]  (2016)
  • MS16-098  [KB3178466]  [Kernel Driver]  (Win 8.1)
  • MS16-075  [KB3164038]  [Hot Potato]  (2003/2008/7/8/2012)
  • MS16-032  [KB3143141]  [Secondary Logon Handle]  (2008/7/8/10/2012)
  • MS16-016  [KB3136041]  [WebDAV]  (2008/Vista/7)
  • MS15-097  [KB3089656]  [remote code execution]  (win8.1/2012)
  • MS15-076  [KB3067505]  [RPC]  (2003/2008/7/8/2012)
  • MS15-061  [KB3057839]  [Kernel Driver]  (2003/2008/7/8/2012)
  • MS15-051  [KB3057191]  [Windows Kernel Mode Drivers]  (2003/2008/7/8/2012)
  • MS15-010  [KB3036220]  [Kernel Driver]  (2003/2008/7/8)
  • MS15-001  [KB3023266]  [Kernel Driver]  (2008/2012/7/8)
  • MS14-070  [KB2989935]  [Kernel Driver]  (2003)
  • MS14-068  [KB3011780]  [Domain Privilege Escalation]  (2003/2008/2012/7/8)
  • MS14-058  [KB3000061]  [Win32k.sys]  (2003/2008/2012/7/8)
  • MS14-040  [KB2975684]  [AFD Driver]  (2003/2008/2012/7/8)
  • MS14-002  [KB2914368]  [NDProxy]  (2003/XP)
  • MS13-005  [KB2778930]  [Kernel Mode Driver]  (2003/2008/2012/78)
  • MS12-020  [KB2671387]  [RDP]  (2003/2008/7/XP)
  • MS11-080  [KB2592799]  [AFD.sys]  (2003/XP)
  • MS11-062  [KB2566454]  [NDISTAPI]  (2003/XP)
  • MS11-046  [KB2503665]  [AFD.sys]  (2003/2008/7/XP)
  • MS11-011  [KB2393802]  [kernel Driver]  (2003/2008/7/XP/Vista)
  • MS10-092  [KB2305420]  [Task Scheduler]  (2008/7)
  • MS10-059  [KB982799]   [ACL]  (2008/7/Vista)
  • MS10-015  [KB977165]   [KiTrap0D]  (2003/2008/7/XP)
  • MS09-050  [KB975517]   [Remote Code Execution]  (2008/Vista)
  • MS08-068  [KB957097]   [Remote Code Execution]  (2000/XP)
  • MS08-067  [KB958644]   [Remote Code Execution]  (Windows 2000/XP/Server 2003/Vista/Server 2008)
  • MS08-025  [KB941693]   [Win32.sys]  (XP/2003/2008/Vista)
  • MS06-040  [KB921883]   [Remote Code Execution]  (2003/xp/2000)
  • MS05-039  [KB899588]   [PnP Service]  (Win 9X/ME/NT/2000/XP/2003)
  • MS03-026  [KB823980]   [Buffer Overrun In RPC Interface]  (/NT/2000/XP/2003)

工具

项目维护

免责说明

请勿用于非法的用途,否则造成的严重后果与本项目无关。

参考链接


最新回复 (1)
全部楼主
  • sspps 2017-6-26
    2



    不能私信,留言给看看这是啥,虚拟服务器吗?原谅我的无知. 小白一个..

      弱口令的. 给大神你有用么,我是看不明白..

返回
发新帖