Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/sailay1996/awesome_windows_logical_bugs

collect for learning cases
https://github.com/sailay1996/awesome_windows_logical_bugs

List: awesome_windows_logical_bugs

windows-exploitation windows-privilege-escalation

Last synced: 3 months ago
JSON representation

collect for learning cases

Host: GitHub
URL: https://github.com/sailay1996/awesome_windows_logical_bugs
Owner: sailay1996
Created: 2020-01-27T04:34:58.000Z (almost 5 years ago)
Default Branch: master
Last Pushed: 2023-09-27T10:16:07.000Z (about 1 year ago)
Last Synced: 2024-05-21T20:09:12.188Z (6 months ago)
Topics: windows-exploitation, windows-privilege-escalation
Language: VBScript
Size: 1.74 MB
Stars: 551
Watchers: 26
Forks: 74
Open Issues: 1
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

awesome-hacking-lists - sailay1996/awesome_windows_logical_bugs - collect for learning cases (VBScript)

README

        # awesome_windows_logical_bugs

Created this repo for the people who want to learn about windows logical privilege escalation bugs. 
And also I added some of my findings. You can contact me via [@404death](https://twitter.com/404death) to add good article which I missed. 
 

`work in progress (WIP) , I'm always update this repo when the new bugs release.`




#### Escalation of Privileges (Vulnerabilities and Other Research): 

* [Windows logical EoP Bugs](https://github.com/sailay1996/awesome_windows_logical_bugs/blob/master/learning_note_bookmarks.txt)

#### Privileged File Operations Bugs To SYSTEM shell (Techniques):

* [Arbitrary Directory Deletion to SYSTEM shell](https://github.com/sailay1996/awesome_windows_logical_bugs/blob/master/dir_delete2system.txt)

* [Arbitrary File create/write to SYSTEM shell](https://github.com/sailay1996/awesome_windows_logical_bugs/blob/master/FileWrite2system.txt)

* [Arbitrary Directory creation to SYSTEM shell](https://github.com/sailay1996/awesome_windows_logical_bugs/blob/master/dir_create2system.txt)

#### Service account to SYSTEM privilege (Token Impersonation) : 

* [service2system Privileged access](https://github.com/sailay1996/awesome_windows_logical_bugs/blob/master/service2system.txt)

#### Tools: 

* James Forshaw’s purpose-built tools & libraries

  * https://github.com/googleprojectzero/symboliclink-testing-tools

  * https://github.com/googleprojectzero/sandbox-attacksurface-analysis-tools

* Windows built-in tools (powershell, cmd, filesystem utilities) 

* SysInternals

#### Research by James Forshaw / Google Project Zero 

* https://googleprojectzero.blogspot.com/2015/08/windows-10hh-symbolic-link-mitigations.html 

* https://googleprojectzero.blogspot.com/2015/12/between-rock-and-hard-link.html 

* https://googleprojectzero.blogspot.com/2016/02/the-definitive-guide-on-win32-to-nt.html 

* https://googleprojectzero.blogspot.com/2017/08/windows-exploitation-tricks-arbitrary.html 

* https://googleprojectzero.blogspot.com/2018/04/windows-exploitation-tricks-exploiting.html 

* https://infocon.org/cons/SyScan/SyScan%202015%20Singapore/SyScan%202015%20Singapore%20presentations/SyScan15%20James%20Forshaw%20-%20A%20Link%20to%20the%20Past.pdf 

* https://vimeo.com/133002251

#### Thank to:  

[@tiraniddo](https://twitter.com/tiraniddo)

[@SandboxBear](https://twitter.com/SandboxBear)

[@jonasLyk](https://twitter.com/jonasLyk)

[@itm4n](https://twitter.com/itm4n)

[@decoder_it](https://twitter.com/decoder_it)

[@enigma0x3](https://twitter.com/enigma0x3)

[@padovah4ck](https://twitter.com/padovah4ck)

[@clavoillotte](https://twitter.com/clavoillotte)

[@PsiDragon](https://twitter.com/PsiDragon)

[@edwardzpeng](https://twitter.com/edwardzpeng)

#### suggestion : If you want to deep dive about windows, go first to `Windows Internal` [ebook](https://www.microsoftpressstore.com/store/windows-internals-part-1-system-architecture-processes-9780735684188)