Skip to content

kkent030315/anyelevate

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

17 Commits

.github/workflows

.github/workflows

 
 

anycall @ b05ecb7

anycall @ b05ecb7

 
 

anyelevate

anyelevate

 
 

color-console @ 745f571

color-console @ 745f571

 
 

.gitignore

.gitignore

 
 

.gitmodules

.gitmodules

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

anyelevate.sln

anyelevate.sln

 
 

image.png

image.png

 
 

Repository files navigation

CI falling because of version mismatch of static library, dont care

anyelevate

x64 Windows privilege elevation using anycall

Usage

anyelevate.exe [process id]
  • [process id] process id to elevate privilege

How

Simply create copy of nt!_EPROCESS.Token in any desired target process.

kernel::memcpy(
    ( void* )( ( uint64_t )process + RVA_PEPROCESS_TOKEN ),
    &system_process_token,
    sizeof( EX_FAST_REF ) );

Then you are NT AUTHORITY\SYSTEM.
Imagine this is all done by one thing - the physical memory mapping.

License

MIT copyright Kento Oki <hrn832@protonmail.com>

color-console copyright 2018 Lei Fu

About

x64 Windows privilege elevation using anycall

Topics

windows kernel exploit windows-10 privilege-escalation code-execution privilege-elevation privilege-escalation-exploits

Resources

Readme

License

MIT license
Activity

Stars

19 stars

Watchers

3 watching

Forks

13 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages