Exploits targeting specific CVEs
Exploit Name | Description | Credit & Source |
---|---|---|
ExchangeRCE-CVE-2020-0688 | CVE-2020-0688: Microsoft Exchange ViewState deserialization RCE caused by a static, default MachineKeySection (validationKey/decryptionKey) shared by every installation's ECP; an authenticated user with any mailbox can forge a ViewState payload and execute code as the Exchange application pool. ExchangeCmd.exe (RCE), ExchangeDetect.exe (vulnerability checker) | zcgonvh |
ProxyLogon-CVE-2021-26855-RCE | CVE-2021-26855 is a pre-authentication server-side request forgery (SSRF) in Exchange Server that lets a remote attacker bypass authentication and act as the Exchange server itself. Chained with the post-authentication arbitrary file write CVE-2021-27065, it yields remote code execution as "NT AUTHORITY\SYSTEM" | mil1200 RickGeex |
ProxyShell_CVE-2021-34473_RCE | ProxyShell is a chain of three CVEs (CVE-2021-34473 pre-auth path confusion, CVE-2021-34523 PowerShell backend privilege elevation, CVE-2021-31207 post-auth arbitrary file write) affecting on-premises Microsoft Exchange servers that together give pre-authenticated remote code execution. The chain was discovered and published by Orange Tsai (@orange_8361) of the DEVCORE Research Team | Udyz aravazhimdr dmaasland ktecv2000 |
KDC-bamboozling_RPE_CVE-2021-42278 | CVE-2021-42278 (sAMAccountName spoofing) chained with CVE-2021-42287 (KDC "bamboozling" PAC confusion): Active Directory Domain Services elevation of privilege that takes an ordinary domain user able to create a machine account to Domain Admin on an unpatched domain controller | cube0x0 Wazehell ricardojba |
MSHTML_CVE-2021-40444 | Inside a Microsoft Office document, attackers can embed a malicious ActiveX control that makes MSHTML fetch and execute arbitrary code from a remote location. Researcher Rich Warren showed the bug also triggers from Windows Explorer's "Preview Pane" on a plain RTF file (not an Office document and with no ActiveX involved), so a victim need not open the file at all, which defeated Microsoft's initial workaround of disabling ActiveX controls | lockedbyte aslitsecurity |
Perfusion | On Windows 7, Windows Server 2008 R2, Windows 8 and Windows Server 2012, the registry key of the RpcEptMapper service (and of DnsCache on 7/2008 R2 only) is configured with weak permissions. Any local user can create a Performance subkey under it and then leverage the Windows Performance Counters mechanism to load an arbitrary DLL in the context of the WMI service as NT AUTHORITY\SYSTEM (hence the tool's name). | itm4n |
PetitPotam | PoC tool to coerce Windows hosts into authenticating to an attacker-chosen machine via MS-EFSRPC (EfsRpcOpenFileRaw or other functions). The tool uses the LSARPC named pipe with interface c681d488-d850-11d0-8c52-00c04fd90f7e because it is more widely exposed, but the trigger also works over the EFSRPC named pipe with interface df1941c5-fe89-4e79-bf10-463657acf44d. No credentials are needed to coerce a Domain Controller | topotam |
PrintNightmare_CVE-2021-1675 | CVE-2021-34527 (PrintNightmare, initially tracked alongside CVE-2021-1675) is a vulnerability in the Windows Print Spooler that lets a low-privileged user install a malicious printer driver and escalate to SYSTEM, either locally or on a remote server. It is especially dangerous because Domain Controllers commonly run an exposed Print Spooler, so the exploit can take an attacker from low-privileged user to domain admin. | cube0x0 calebstewart |
SeriousSAM_CVE-2021-36934(HiveNightmare) | An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database; because the live hives are locked, exploitation reads them from a Volume Shadow Copy. An attacker who successfully exploits this vulnerability could run arbitrary code with SYSTEM privileges, then install programs; view, change, or delete data; or create new accounts with full user rights. | GossiTheDog FireFart HuskyHacks cube0x0 Based On WiredPulse |
Win32k_LPE_CVE-2021-40449 | CVE-2021-40449 is a use-after-free in Win32k (NtGdiResetDC) that allows local privilege escalation. The vulnerability was found being exploited in the wild by Kaspersky, who reported it as part of the MysterySnail campaign. | ly4k KaLendsi Kristal-g |
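The three local privilege escalation entries in the table (Perfusion, SeriousSAM/HiveNightmare and PrintNightmare) each rest on a host-side precondition that can be checked before any of the tools is run: a service registry key that grants low-privileged users CreateSubKey, a SAM hive readable by BUILTIN\Users plus an existing shadow copy, and a running Print Spooler with permissive Point and Print policy. The PowerShell below is an added example and is not part of this collection or of the referenced projects; it only reports those preconditions and does not exploit anything. The function names and the `Exposed`/`RiskyConfig` heuristics are the editor's own; run it from an elevated prompt on the host being assessed.

```powershell
# Added example (not from the original project): local exposure checks for three of the
# Windows LPE entries above. Reports preconditions only; it does not attempt exploitation.

function Test-HiveNightmare {
    # CVE-2021-36934: BUILTIN\Users can read the SAM hive, and a VSS shadow copy must exist
    # because the live hive file is locked by the kernel.
    $sam = Join-Path $env:windir 'System32\config\SAM'
    $acl = Get-Acl -Path $sam
    $usersCanRead = $acl.Access | Where-Object {
        $_.IdentityReference.Value -eq 'BUILTIN\Users' -and
        $_.AccessControlType -eq 'Allow' -and
        (($_.FileSystemRights -band [System.Security.AccessControl.FileSystemRights]::ReadData) -ne 0)
    }
    $shadows = @()
    try { $shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction Stop) } catch { }
    [pscustomobject]@{
        Check        = 'SeriousSAM / HiveNightmare (CVE-2021-36934)'
        UsersCanRead = [bool]$usersCanRead
        ShadowCopies = $shadows.Count
        Exposed      = ([bool]$usersCanRead -and $shadows.Count -gt 0)
    }
}

function Test-Perfusion {
    # Perfusion: the service key grants low-privileged principals CreateSubKey, so any user can
    # add a 'Performance' subkey that points the performance-counter loader at an arbitrary DLL.
    $lowPriv = @('NT AUTHORITY\Authenticated Users', 'BUILTIN\Users', 'Everyone', 'NT AUTHORITY\INTERACTIVE')
    foreach ($svc in 'RpcEptMapper', 'DnsCache') {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
        $acl = Get-Acl -Path $key
        $weak = $acl.Access | Where-Object {
            $lowPriv -contains $_.IdentityReference.Value -and
            $_.AccessControlType -eq 'Allow' -and
            (($_.RegistryRights -band [System.Security.AccessControl.RegistryRights]::CreateSubKey) -ne 0)
        }
        [pscustomobject]@{
            Check             = "Perfusion ($svc)"
            WeakAces          = (($weak | ForEach-Object { "$($_.IdentityReference): $($_.RegistryRights)" }) -join '; ')
            PerformanceSubkey = (Test-Path -Path "$key\Performance")   # an existing subkey is worth inspecting
            Exposed           = [bool]$weak
        }
    }
}

function Test-PrintNightmare {
    # CVE-2021-34527: needs a running Print Spooler. After the July 2021 patches, the Point and
    # Print policy values below decide whether non-admins can still install printer drivers:
    # NoWarningNoElevationOnInstall=1 or UpdatePromptSettings=1 re-opens the hole, and
    # RestrictDriverInstallationToAdministrators=0 lets non-admins install drivers again.
    $spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    $running = ($null -ne $spooler -and $spooler.Status -eq 'Running')
    $pp = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
    $v  = Get-ItemProperty -Path $pp -ErrorAction SilentlyContinue
    $noWarn   = if ($null -ne $v) { $v.NoWarningNoElevationOnInstall } else { $null }
    $noPrompt = if ($null -ne $v) { $v.UpdatePromptSettings } else { $null }
    $restrict = if ($null -ne $v) { $v.RestrictDriverInstallationToAdministrators } else { $null }
    [pscustomobject]@{
        Check                                      = 'PrintNightmare (CVE-2021-34527)'
        SpoolerRunning                             = $running
        NoWarningNoElevationOnInstall              = $noWarn
        UpdatePromptSettings                       = $noPrompt
        RestrictDriverInstallationToAdministrators = $restrict
        # Patch level is not inspected here; check installed updates separately.
        RiskyConfig = ($running -and ($noWarn -eq 1 -or $noPrompt -eq 1 -or $restrict -eq 0))
    }
}

@(Test-HiveNightmare; Test-Perfusion; Test-PrintNightmare) | Format-List
```

A host that reports `Exposed = False` for Perfusion and HiveNightmare and `RiskyConfig = False` for PrintNightmare still needs its patch level confirmed; the script only verifies the configuration preconditions the three tools rely on, so the Print Spooler check in particular is meaningful only on an unpatched or policy-weakened machine.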