iT邦幫忙

2021 iThome Ironman Contest

Security

The Road to Information Security: Systematic Learning of Penetration Testing, Part 33

Day33 - Windows Privilege Escalation (4): Common Privilege Escalation Scripts

A list of common scripts used for Windows privilege escalation, with the Windows versions each one affects.

Windows Vista/7 – Elevation of Privileges (UAC Bypass)

Exploit script: https://www.exploit-db.com/exploits/15609/

Affected versions:
Windows Vista/2008 6.1.6000 x32,
Windows Vista/2008 6.1.6001 x32,
Windows 7 6.2.7600 x32,
Windows 7/2008 R2 6.2.7600 x64.

Microsoft Windows 7 SP1 (x86) – ‘WebDAV’ Privilege Escalation (MS16-016)

Exploit script: https://www.exploit-db.com/exploits/39432/
Compiled version: https://www.exploit-db.com/exploits/39788/
Run the precompiled version; when it succeeds, it elevates privileges within the current session rather than spawning a separate elevated session.

Affected versions:
Windows 7 SP1 x86 (build 7601)

Microsoft Windows 7 SP1 (x86) – Privilege Escalation (MS16-014)

Exploit script: https://www.exploit-db.com/exploits/40039/

Affected versions:
Windows 7 SP1 x86

Microsoft Windows 7 < 10 / 2008 < 2012 R2 (x86/x64) – Privilege Escalation (MS16-032)

Exploit script: https://www.exploit-db.com/exploits/39719/

Affected versions:
Windows 7 x86/x64
Windows 8 x86/x64
Windows 10
Windows Server 2008 to 2012 R2

CVE-2017-0213: Windows COM Elevation of Privilege Vulnerability

Exploit script: https://www.exploit-db.com/exploits/42020/
Precompiled versions:
https://github.com/WindowsExploits/Exploits/tree/master/CVE-2017-0213
https://github.com/SecWiki/windows-kernel-exploits/tree/master/CVE-2017-0213

Affected versions:
Windows 10 (1511/10586, 1607/14393 & 1703/15063)
Windows 7 SP1 x86/x64

CVE-2019-1253: Windows Elevation of Privilege Vulnerability

Exploit script: https://github.com/padovah4ck/CVE-2019-1253

Affected versions:
Windows 10 (all versions) without the September 2019 update applied

CVE-2019-0836: Microsoft Windows 10 1809

Exploit script: https://www.exploit-db.com/exploits/46718
Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0836
Reference: https://www.rapid7.com/db/vulnerabilities/msft-cve-2019-0836

Affected versions:
Windows 10 (1607, 1703, 1709, 1803, 1809)
Windows 7 and Windows 8.1
Windows Server 2008 (R2), 2012 (R2), 2016 (Server Core) and 2019 (Server Core)

