Priv_Esc CVE-2021-40449

https://github.com/Kristal-g/CVE-2021-40449_poc

More info here: https://kristal-g.github.io/2021/11/05/CVE-2021-40449_POC.html

Compiling

I did a bit of a hack on the MinHook library so that it (partially) supports the 2019 Platform Toolset. That's why I included the lib files with this repo.

Windows Version Adapting

To adapt this repo to another Windows build, you have to update:

  • ntoskrnl.exe gadget offsets for the ROP chain

  • MiGetPteAddress offset in ntoskrnl.exe

  • The size of palettes, according to the (undocumented) size of PDEVOBJ (look at win32kbase!PDEV::Allocate)

  • Shellcode offsets of various structs (the shellcode_offsets struct)
