hackerhouse-opensource/iscsicpl_bypassUAC

Stars
727
Rank 61,960 (Top 2 %)
Language
C++
Created about 2 years ago
Updated about 2 years ago

hackerhouse-opensource/iscsicpl_bypassUAC

hackerhouse-opensource

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

UAC bypass for x64 Windows 7 - 11

iscsicpl autoelevate DLL Search Order hijacking UAC Bypass 0day

The iscsicpl.exe binary is vulnerable to a DLL Search Order hijacking vulnerability when running 32bit Microsoft binary on a 64bit host via SysWOW64. The 32bit binary, will perform a search within user %Path% for the DLL iscsiexe.dll. This can be exploited using a Proxy DLL to execute code via "iscsicpl.exe" as autoelevate is enabled. This exploit has been tested against the following versions of Windows desktop:

Windows 11 Enterprise x64 (Version 10.0.22000.739).
Windows 8.1 Professional x64 (Version 6.3.9600).

These files are available under a Attribution-NonCommercial-NoDerivatives 4.0 International license.

exploits

exploits and proof-of-concept vulnerability demonstration files from the team at Hacker House

Marble

The CIA's Marble Framework is designed to allow for flexible and easy-to-use obfuscation when developing tools.

SignToolEx

Patching "signtool.exe" to accept expired certificates for code-signing.

Stinger

CIA UAC bypass implementation of Stinger that obtains the token from an auto-elevated process, modifies it, and reuses it to execute as Administrator.

OffensiveLua

Artillery

CIA UAC bypass implementation that utilizes elevated COM object to write to System32 and an auto-elevated process to execute as administrator.

ColorDataProxyUACBypass

Exploits undocumented elevated COM interface ICMLuaUtil via process spoofing to edit registry then calls ColorDataProxy to trigger UAC bypass. Win 7 & up.

WMIProcessWatcher

A CIA tradecraft technique to asynchronously detect when a process is created using WMI.

tools

A collection of tools created for computer security research purposes.

cve-2018-10933

cve-2018-10933 libssh authentication bypass

backdoors

Tools for maintaining access to systems and proof-of-concept demonstrations.

CompMgmtLauncher_DLL_UACBypass

CompMgmtLauncher & Sharepoint DLL Search Order hijacking UAC/persist via OneDrive

MsSettingsDelegateExecute

Bypass UAC on Windows 10/11 x64 using ms-settings DelegateExecute registry key.

pyongyang_2407

Pyongyang 2407 - Android ROM from North Korea, modified to run on WBW5511_MAINBOARD_P2 devices. Releases contains an archived ROM with all needed tools to boot DPRK Android on compatible hardware. This repository contains installation instructions, hardware documentation and exploits for disabling censorship tools of North Korea Android.

envschtasksuacbypass

Bypass UAC elevation on Windows 8 (build 9600) & above.

documents

Papers, presentations and documents from the team at Hacker House.

shellcode

shellcode are codes designed to be injected into the memory space of another process during exploitation.

electionhacking

Diebold Accuvote-TSx Election Machine Hacking

NoFaxGiven

Code Execution & Persistence in NETWORK SERVICE FAX Service

Gigabyte_ElevatePersist

Giga-byte Control Center (GCC) is a software package designed for improved user experience of Gigabyte hardware, often found in gaming and performance PC's. A UAC elevation vulnerability exists that can be used for persistence in a novel fashion.

AESCrypt

AES-256 Microsoft Cryptography API Example Use.

rebirth

rebirth IOS11 - 11.3.1 jailbreak security research utility

cve-2021-34527

CVE-2021-34527 AddPrinterDriverEx() Privilege Escalation

hackerhouse-opensource

hfioquake3_DoS

ioquake3 engine is vulnerable to a remotely exploitable off-by-one overflow due to a miscalculated array index within the privileged admin console command banaddr. Attacker needs the rcon password to exploit this vulnerability.