CVE-2018-8120 PoC — Microsoft Windows 权限许可和访问控制问题漏洞

Source

https://github.com/qiantu88/CVE-2018-8120

Associated Vulnerability

Title:Microsoft Windows 权限许可和访问控制问题漏洞 (CVE-2018-8120)
Description:An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8124, CVE-2018-8164, CVE-2018-8166.

Readme

# CVE-2018-8120
CVE-2018-8120 Windows LPE exploit

测试支持: Win7 x32, Win7 x64, Win2008 x32, Win2008 R2 x32, Win2008 R2 Datacenter x64, Win2008 Enterprise x64
         WinXP x32, Win2003 x32,Win2003 x64

原exp不支持xp，2003，当前代码在原基础上增加了对这两个系统的支持。

## Usage
```shell
CVE-2018-8120 exploit by @Topsec_Alpha_lab(https://github.com/alpha1ab)
Usage: exp.exe command
Example: exp.exe "net user admin admin /add"
```
## Caution
* 编译32位版本的exp,请从工程中排除shellcode.asm文件.

## Reference
* https://github.com/unamer/CVE-2018-8120

File Snapshot


 [4.0K]  /data/pocs/5cf92e06df3a2f7a8b7acdbac007ad547bf05eeb
├── [4.0K]  CVE-2018-8120
│   ├── [4.0K]  CVE-2018-8120
│   │   ├── [7.2K]  CVE-2018-8120.vcxproj
│   │   ├── [ 958]  CVE-2018-8120.vcxproj.filters
│   │   ├── [2.2K]  shellcode.asm
│   │   └── [ 16K]  Source.cpp
│   ├── [1.3K]  CVE-2018-8120.sln
│   ├── [4.0K]  Release
│   │   └── [ 80K]  CVE-2018-8120.exe
│   └── [4.0K]  x64
│       └── [4.0K]  Release
│           └── [ 93K]  CVE-2018-8120.exe
└── [ 601]  README.md

5 directories, 8 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!