CVEs-PoC/2016/CVE-2016-7255.md

CVE-2016-7255

Description

The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

POC

Reference

• http://blog.trendmicro.com/trendlabs-security-intelligence/one-bit-rule-system-analyzing-cve-2016-7255-exploit-wild/
• http://packetstormsecurity.com/files/140468/Microsoft-Windows-Kernel-win32k.sys-NtSetWindowLongPtr-Privilege-Escalation.html
• https://github.com/mwrlabs/CVE-2016-7255
• https://www.exploit-db.com/exploits/40745/
• https://www.exploit-db.com/exploits/40823/
• https://www.exploit-db.com/exploits/41015/

Github

• https://github.com/0xcyberpj/windows-exploitation
• https://github.com/0xpetros/windows-privilage-escalation
• https://github.com/1o24er/RedTeam
• https://github.com/ARPSyndicate/cvemon
• https://github.com/Al1ex/APT-GUID
• https://github.com/Al1ex/Red-Team
• https://github.com/Apri1y/Red-Team-links
• https://github.com/Ascotbe/Kernelhub
• https://github.com/CVEDB/PoC-List
• https://github.com/CVEDB/awesome-cve-repo
• https://github.com/CVEDB/top
• https://github.com/CrackerCat/Kernel-Security-Development
• https://github.com/Cruxer8Mech/Idk
• https://github.com/DivyTej/Windows-Exploit-Suggester-v2
• https://github.com/Echocipher/Resource-list
• https://github.com/ExpLife0011/CVE-2019-0803
• https://github.com/ExpLife0011/awesome-windows-kernel-security-development
• https://github.com/FSecureLABS/CVE-2016-7255
• https://github.com/FULLSHADE/WindowsExploitationResources
• https://github.com/Flerov/WindowsExploitDev
• https://github.com/GhostTroops/TOP
• https://github.com/Iamgublin/CVE-2019-0803
• https://github.com/Iamgublin/CVE-2020-1054
• https://github.com/JERRY123S/all-poc
• https://github.com/LegendSaber/exp
• https://github.com/MustafaNafizDurukan/WindowsKernelExploitationResources
• https://github.com/NitroA/windowsexpoitationresources
• https://github.com/NullArray/WinKernel-Resources
• https://github.com/Ondrik8/RED-Team
• https://github.com/Ondrik8/exploit
• https://github.com/Ostorlab/KEV
• https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
• https://github.com/TamilHackz/windows-exploitation
• https://github.com/ThunderJie/CVE
• https://github.com/ThunderJie/Study_pdf
• https://github.com/bbolmin/cve-2016-7255_x86_x64
• https://github.com/conceptofproof/Kernel_Exploitation_Resources
• https://github.com/cranelab/exploit-development
• https://github.com/cyberanand1337x/bug-bounty-2022
• https://github.com/dk47os3r/hongduiziliao
• https://github.com/hasee2018/Safety-net-information
• https://github.com/heh3/CVE-2016-7255
• https://github.com/hktalent/TOP
• https://github.com/homjxi0e/CVE-2016-7255
• https://github.com/howknows/awesome-windows-security-development
• https://github.com/hudunkey/Red-Team-links
• https://github.com/jbmihoub/all-poc
• https://github.com/john-80/-007
• https://github.com/landscape2024/RedTeam
• https://github.com/liuhe3647/Windows
• https://github.com/lnick2023/nicenice
• https://github.com/lp008/Hack-readme
• https://github.com/lsc1226844309/hanker1
• https://github.com/lyshark/Windows-exploits
• https://github.com/nobiusmallyu/kehai
• https://github.com/paulveillard/cybersecurity-exploit-development
• https://github.com/pr0code/https-github.com-ExpLife0011-awesome-windows-kernel-security-development
• https://github.com/pravinsrc/NOTES-windows-kernel-links
• https://github.com/qazbnm456/awesome-cve-poc
• https://github.com/slimdaddy/RedTeam
• https://github.com/svbjdbk123/-
• https://github.com/tinysec/vulnerability
• https://github.com/twensoo/PersistentThreat
• https://github.com/weeka10/-hktalent-TOP
• https://github.com/xbl3/awesome-cve-poc_qazbnm456
• https://github.com/xiaoZ-hc/redtool
• https://github.com/ycdxsb/WindowsPrivilegeEscalation
• https://github.com/yut0u/RedTeam-BlackBox
• https://github.com/yuvatia/page-table-exploitation