Windows Win32k Elevation of Privilege Vulnerability
CVE-2021-1732 is a local elevation-of-privilege vulnerability in the Windows Win32k subsystem. It was exploited in the wild by multiple threat actors, including BITTER and MoustachedBouncer. In observed intrusions, attackers used the vulnerability after initial compromise to run malware components or auxiliary payloads with elevated rights. CVE-2022-21882 was reportedly a patch bypass for CVE-2021-1732, indicating that the original weakness in Win32k privilege-boundary enforcement remained operationally significant after the initial fix.
Exploits
This repository contains a working local privilege escalation exploit for CVE-2021-1732, a vulnerability in the Windows Win32k component affecting Windows 10 versions 1809 and 1909 x64. The main exploit logic is implemented in 'CVE-2021-1732_Exploit.cpp', which is a C++ source file. The exploit abuses window and menu object manipulation to achieve arbitrary kernel memory read/write, ultimately replacing the process token to gain SYSTEM privileges. The repository includes Visual Studio project files for building the exploit, as well as documentation in both English and Chinese. The exploit must be run locally on a vulnerable system and, if successful, provides a SYSTEM shell. No network or remote attack vector is present; the exploit is strictly local. The code is operational and demonstrates a full privilege escalation chain, but does not include a customizable payload framework.
This repository contains a working proof-of-concept (PoC) exploit for CVE-2021-1732, a local privilege escalation vulnerability in Microsoft Windows 10 (x64), specifically in the win32k.sys kernel component. The main exploit logic resides in 'CVE-2021-1732/CVE-2021-1732.cpp', which orchestrates the attack by creating and manipulating a large number of window objects, exploiting the desktop heap, and leveraging internal Windows APIs and structures. The exploit uses custom hooking (via HookLib) and direct system calls to manipulate kernel memory, ultimately allowing the attacker to overwrite process tokens and spawn a process with SYSTEM privileges. Supporting files include utility code for querying system handles and project files for building the exploit with Visual Studio. No network endpoints are present; the attack vector is strictly local, requiring code execution on the target machine. The code is a functional PoC and demonstrates a deep understanding of Windows internals and kernel exploitation techniques.
This repository contains a working local privilege escalation exploit for CVE-2021-1732, a Windows kernel vulnerability affecting multiple versions of Windows 10 and Windows Server. The main file, 'CVE-2021-1732_Exploit.cpp', is a C++ implementation that leverages window and menu object manipulation to achieve arbitrary kernel memory read/write, ultimately elevating the attacker's privileges to SYSTEM. The exploit is operational and requires local access to a vulnerable system. The README provides a comprehensive list of affected Windows versions and a demonstration image. No network endpoints are present; the attack vector is purely local. The code interacts with Windows system DLLs (notably user32.dll) and kernel structures, and is intended for advanced users familiar with Windows internals and exploit development.
This repository contains a working local privilege escalation exploit for CVE-2021-1732, a vulnerability in the Windows kernel (win32k.sys) affecting multiple versions of Windows 10 and Windows Server. The main file, 'CVE-2021-1732_Exploit.cpp', is a C++ implementation that leverages window and menu object manipulation to achieve arbitrary kernel memory read/write, ultimately allowing the attacker to escalate privileges to SYSTEM. The exploit is operational and requires local access to a vulnerable system. The README provides a list of affected Windows versions and a demonstration image. No network endpoints are present; the attack vector is purely local. The code interacts with system DLLs such as user32.dll and targets the win32k.sys kernel driver. The repository is structured simply, with one exploit source file and a README.
This repository contains a working local privilege escalation exploit for CVE-2021-1732, a vulnerability in the Windows kernel (Win32k component) affecting Windows 10 (versions 1803-20H2) and Windows Server 2019/2004. The main exploit logic is implemented in 'CVE-2021-1732/CVE-2021-1732.cpp', which orchestrates the attack by creating and manipulating window objects, spraying window handles, and abusing internal kernel structures via user-mode callbacks and desktop heap offsets. The exploit leverages custom hooks (via HookLib) and direct system calls to manipulate kernel memory and escalate privileges to SYSTEM. Supporting files include utility code for handle enumeration and project files for building the exploit. The README provides affected versions and a demonstration GIF. No network endpoints are present; the attack vector is strictly local, requiring code execution on a vulnerable Windows system. The exploit is operational and provides a SYSTEM shell or process upon success.
Recent activity
Windows Win32k elevation of privilege zero-day referenced as the original issue later bypassed by CVE-2022-21882.
A specific privilege escalation vulnerability that MoustachedBouncer exploited to run malware components with elevated rights.
A Windows local privilege escalation vulnerability exploited by a MoustachedBouncer (Disco) plugin to run code with elevated privileges.
A specific vulnerability (CVE-2021-1732) referenced as being used in an ongoing campaign; the source does not describe the technical flaw type, only its observed operational use and timing.