asepsaepdin/CVE-2021-1732

Windows Privilege Escalation

Exploit for CVE-2021-1732 (Win32k) - Local Privilege Escalation

*For educational and authorized security research purposes only*

Original Exploit Authors

@Exploit Blizzard

Vulnerability Description

A vulnerability exists within win32k that can be leveraged by an attacker to escalate privileges to those of NT AUTHORITY\SYSTEM. The flaw lies in how the WndExtra field of a window can be manipulated into being treated as an offset despite being populated by an attacker-controlled value. This can be leveraged to achieve an out-of-bounds write, eventually leading to privilege escalation. This flaw was originally identified as CVE-2021-1732 and was patched by Microsoft on February 9th, 2021. In early 2022.

Usage

  CVE-2021-1732.exe "the-command"

Options

  "the-command"    Any command supported by the command-line interface (CLI), such as "whoami"

Download Via Original Source

Download Exploit Script for CVE-2021-3560 Here

Exploit Requirements

  • Command Prompt
  • Process Hacker

Tested On

  • Windows 10 Version 2004

Affected Windows Versions:

  • Windows Server, version 20H2 (Server Core Installation)
  • Windows 10 Version 20H2
  • Windows Server, version 2004 (Server Core installation)
  • Windows 10 Version 2004
  • Windows Server, version 1909 (Server Core installation)
  • Windows 10 Version 1909
  • Windows Server 2019 (Server Core installation)
  • Windows Server 2019
  • Windows 10 Version 1809


Warning

⚠️ Be careful when running this exploit on your system.

Credits
