  • Stars: 135
  • Rank 269,297 (Top 6 %)
  • Language: C
  • Created over 4 years ago
  • Updated over 4 years ago

Repository Details

Windows 10 Privilege Escalation (magnifier.exe) via Dll Search Order Hijacking

magnifier0day

Windows 10 Privilege Escalation (magnify.exe) via Dll Search Order Hijacking

This can be exploited on every Windows installation that has the Intel driver installed.

Some people will say this is not a vulnerability because of the default system paths in %PATH%, but most users have a user-writable directory in the SYSTEM %PATH%, and then it can be exploited.

Steps:

  1. Copy the payload DLL as igdgmm64.dll to a writable directory in the SYSTEM %PATH%, such as C:\python27.
  2. Press WinKey+L.
  3. Press Enter.
  4. Press WinKey++ (plus key) on the login screen that shows the password box.
    The payload DLL will then execute with SYSTEM access.

or
WinKey+L (LogonUI) -> Ease of Access -> Magnifier -> login.
The payload will execute as SYSTEM.

Note: use this to find such paths:

https://github.com/sailay1996/awesome_windows_logical_bugs/blob/master/find_dir4_privEsc_dll_hijack.txt

test1

@404death
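A defender-side check for the condition this README depends on, added here as an example and not part of the repository: it lists machine-wide PATH directories where accounts other than SYSTEM, Administrators or TrustedInstaller can create files, and reports any igdgmm64.dll found in a PATH directory together with its signature status. The trusted-SID list is an assumption to adjust for your environment.

```powershell
# Added example (not from the repository). Run from an elevated prompt so
# every ACL on the machine PATH can be read.
$trusted = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)
# CreateFiles (0x2) is the right needed to drop a DLL into a directory; the
# two generic bits cover ACEs stored as GENERIC_WRITE / GENERIC_ALL.
$writeBits = [int][System.Security.AccessControl.FileSystemRights]::CreateFiles -bor 0x40000000 -bor 0x10000000
$sidType   = [System.Security.Principal.SecurityIdentifier]
$inherit   = [System.Security.AccessControl.PropagationFlags]::InheritOnly

$machinePath = [Environment]::GetEnvironmentVariable('Path', 'Machine')
$dirs = $machinePath -split ';' | Where-Object { $_ } |
    ForEach-Object { [Environment]::ExpandEnvironmentVariables($_.Trim('"', ' ')) } |
    Select-Object -Unique

foreach ($dir in $dirs) {
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        # A PATH entry that does not exist should be removed from PATH.
        Write-Output "[missing]  $dir"
        continue
    }
    try {
        $rules = (Get-Acl -LiteralPath $dir -ErrorAction Stop).GetAccessRules($true, $true, $sidType)
    } catch {
        Write-Output "[unreadable] $dir : $($_.Exception.Message)"
        continue
    }
    foreach ($ace in $rules) {
        # Deny ACEs and inherit-only ACEs do not grant write on this directory.
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($ace.PropagationFlags.HasFlag($inherit)) { continue }
        if ($trusted -contains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $writeBits) -ne 0) {
            Write-Output "[writable] $dir <- $($ace.IdentityReference.Value) ($($ace.FileSystemRights))"
        }
    }
    # The DLL name comes from the README; report where it resolves on PATH.
    $dll = Join-Path $dir 'igdgmm64.dll'
    if (Test-Path -LiteralPath $dll -PathType Leaf) {
        $sig = Get-AuthenticodeSignature -LiteralPath $dll
        Write-Output "[dll]      $dll signature=$($sig.Status)"
    }
}
```

Any `[writable]` line is a directory to remove from the machine PATH or to re-ACL so that only administrators can create files in it.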
