kalendsi / cve-2022-21882 Goto Github PK
View Code? Open in Web Editor NEWwin32k LPE
cve-2022-21882's People
Contributors
Stargazers
Watchers
Forkers
fengjixuchui explife0011 crackercat wuyadie killvxk askyeye alexpeleg jilvan1234 dinosn an4kein bluesky92 jymcheong ellen2015 agelovito bb33bb borbankx mr-xn zhouzu c47world whorahul f0cker secguydm zzhsec scriptidiot yougar0 zicreamz d-rn anti-ghosts ozon2282 ykankaya rmdavy wuxueeee invokethreatguy bravery9 for-acgn cor3sm4sh3r hell0fr13nd jermainlaforce mixobixo7 idkwim ak-blank hansesecure xuansgg th3blackp3arl roerei ashr gugosoad sertif85 gochankot developer191 goowen fdlucifer bleszily h3ggor cozmoalien hackmycontrolsystem oliv4s sellum-ai moes16 blacksenpig taylostolo maxiz1225 hugmyndakassi 4v4loon nil-ref exiahan t-seclab curtishoughton dev0x41 0xfatamorgana shutupandhack-club zha0 peneter rtz-ufa feiyunwill kz-cyber asdlei99 iptwlcp9 avrah jxpsx cagivajsp pacmayop emanuelfc hxlxmjxbbxs testcc2c kara-4search armorunicorn cbwang505 dk47os3r cutff tmcmil ablescia ghislainadon miraetechresearch actorexpose cyb3rmx abangsihar hackeymonkey a1124510616 lyrhycve-2022-21882's Issues
Having Compile errors Using G++
Figured it out ... compile with the project file ... my bad
Thanks
可以编译成功,但是执行都蓝屏
我使用VS2019编译你的两个项目CVE-2022-21882 和CVE-2021-1732 都在win1809上进行测试,都蓝屏,可否分享一下你编译好的EXE呢,万分感谢。
WinSystem
Excellent
Excellent
Failed to compile: x86_64-w64-mingw32-g++
Hello, @KaLendsi
I faced an error while compiling your PoC exploit for Win32k Local Privilege Escalation.
-
OS:
macOS Big Sur -
CC:
x86_64-w64-mingw32-g++ -
uname:Darwin Ivans-MacBook-Air.local 20.1.0 Darwin Kernel Version 20.1.0: Sat Oct 31 00:07:10 PDT 2020; root:xnu-7195.50.7~2/RELEASE_ARM64_T8101 arm64 -
Command:
x86_64-w64-mingw32-g++ ExploitTest.cpp -
Error log:
ExploitTest.cpp: In function 'BOOL FindHMValidateHandle()':
ExploitTest.cpp:84:32: error: cast from 'BYTE*' {aka 'unsigned char*'} to 'unsigned int' loses precision [-fpermissive]
84 | unsigned int offset = ((unsigned int)pIsMenu - (unsigned int)hUser32) + addr;
| ^~~~~~~~~~~~~~~~~~~~~
ExploitTest.cpp:84:56: error: cast from 'HMODULE' {aka 'HINSTANCE__*'} to 'unsigned int' loses precision [-fpermissive]
84 | unsigned int offset = ((unsigned int)pIsMenu - (unsigned int)hUser32) + addr;
| ^~~~~~~~~~~~~~~~~~~~~
ExploitTest.cpp: In function 'HWND__* GuessHwnd(QWORD*, DWORD)':
ExploitTest.cpp:131:35: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
131 | hwndMagicWindow = (HWND)*(DWORD*)(qwBaseAddress - 0xc8);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ExploitTest.cpp: In function 'int main(int, _TCHAR**)':
ExploitTest.cpp:509:17: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
509 | (LPCWSTR)g_lpWcxMagic,
| ^~~~~~~~~~~~~~~~~~~~~
ExploitTest.cpp:663:24: warning: ISO C++ forbids converting a string constant to 'LPWSTR' {aka 'wchar_t*'} [-Wwrite-strings]
663 | si.lpDesktop = L"WinSta0\\Default";
| ^~~~~~~~~~~~~~~~~~~
ExploitTest.cpp:666:29: error: cannot convert '_TCHAR*' {aka 'char*'} to 'LPCWSTR' {aka 'const wchar_t*'}
666 | lstrcpyW(cmd, argv[1]);
| ~~~~~~^
| |
| _TCHAR* {aka char*}
In file included from /usr/local/Cellar/mingw-w64/9.0.0_2/toolchain-x86_64/x86_64-w64-mingw32/include/windows.h:70,
from ExploitTest.cpp:6:
/usr/local/Cellar/mingw-w64/9.0.0_2/toolchain-x86_64/x86_64-w64-mingw32/include/winbase.h:1446:64: note: initializing argument 2 of WCHAR* lstrcpyW(LPWSTR, LPCWSTR)'
1446 | WINBASEAPI LPWSTR WINAPI lstrcpyW (LPWSTR lpString1, LPCWSTR lpString2);
| ~~~~~~~~^~~~~~~~~
ExploitTest.cpp: In function 'DWORD64 g_newxxxClientFreeWindowClassExtraBytes(DWORD64*)':
ExploitTest.cpp:164:1: warning: control reaches end of non-void function [-Wreturn-type]
164 | }
| ^
Undefined symbol in shellcode.asm
undefined symbol: r10
Severity Code Description Project File Line Suppression State
Error A2006 undefined symbol : r10 CVE-2021-1732 C:\Users\sandbox\Downloads\CVE-2022-21882-main\CVE-2022-21882-main\shellcode.asm 6
Error MSB3721 The command "ml.exe /c /nologo /Zi /Fo"Debug\shellcode.obj" /W3 /errorReport:prompt /Tashellcode.asm" exited with code 1. CVE-2021-1732 C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\MSBuild\Microsoft\VC\v160\BuildCustomizations\masm.targets 70
Cant compile
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.