CVE-2018-8120 PoC — Microsoft Windows 权限许可和访问控制问题漏洞

Source

https://github.com/ozkanbilge/CVE-2018-8120

Associated Vulnerability

Title:Microsoft Windows 权限许可和访问控制问题漏洞 (CVE-2018-8120)
Description:An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8124, CVE-2018-8164, CVE-2018-8166.

Description

CVE-2018-8120 Windows LPE exploit

Readme

# CVE-2018-8120
CVE-2018-8120 Windows LPE exploit


Supports both x32 and x64.

Tested on: Win7 x32, Win7 x64, Win2008 x32, Win2008 R2 x32, Win2008 R2 x64.

![image](https://github.com/unamer/CVE-2018-8120/blob/master/screenshot.bmp)

## Usage
```shell
CVE-2018-8120 exploit by @unamer(https://github.com/unamer)
Usage: exp.exe command
Example: exp.exe "net user admin admin /ad"
```
## Caution
* Please exclude shellcode.asm if you wanna compile x32 version.

## Reference
* https://xiaodaozhi.com/exploit/156.html
* https://github.com/bigric3/cve-2018-8120

File Snapshot


 [4.0K]  /data/pocs/4f847366d175dbb71dd69d32e0250d3698e77b34
├── [4.0K]  CVE-2018-8120
│   ├── [7.3K]  CVE-2018-8120.vcxproj
│   ├── [1.0K]  CVE-2018-8120.vcxproj.filters
│   ├── [2.2K]  shellcode.asm
│   └── [ 12K]  Source.cpp
├── [1.3K]  CVE-2018-8120.sln
├── [ 34K]  LICENSE
├── [ 559]  README.md
├── [4.0K]  Release
│   └── [ 80K]  CVE-2018-8120.exe
├── [422K]  screenshot.bmp
└── [4.0K]  x64
    └── [4.0K]  Release
        └── [ 92K]  CVE-2018-8120.exe

4 directories, 10 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!