
CVE-2021-31955 PoC — Windows Kernel Information Disclosure Vulnerability

Source
Associated Vulnerability
Title: Windows Kernel Information Disclosure Vulnerability (CVE-2021-31955)
Description: Windows Kernel Information Disclosure Vulnerability
Description
A combined POC for CVE-2021-31955, CVE-2015-4077, and CVE-2015-5736
Readme
# forti_shield
A combined POC for CVE-2021-31955, CVE-2015-4077, and CVE-2015-5736

This is one of the possible solutions for an extra mile in the 2022 version of the EXP-401 course. This extra mile was removed in the 2025 version of the course. This solution will not work for the current extra mile without changing offsets. All offsets in this POC are hardcoded, so it is not version independent. It works on Windows 10 20H2.

The CVE-2021-31955 POC from freeide was modified to leak the EPROCESS address of the exploit's own process: https://github.com/freeide/CVE-2021-31955-POC

Morten and Sickness's POC for CVE-2015-4077 and CVE-2015-5736 was then modified to work on 20H2: https://www.exploit-db.com/exploits/45149

![image](https://github.com/user-attachments/assets/00428b86-43d6-4466-9b81-cf4737b540b9)
File Snapshot

[4.0K] /data/pocs/c945a8a52b1fb18918489ad21ff7ac6484d18dcc
├── [ 20K] forti_exploit.cpp
├── [1.1K] LICENSE
├── [475K] ntdll_x64.lib
├── [173K] ntos.h
├── [ 840] README.md
├── [ 301] stdafx.cpp
├── [ 320] stdafx.h
├── [ 314] targetver.h
└── [ 746] token_stealing.asm

1 directory, 9 files