The vulnerability allows reading and writing arbitrary memory locations, and consequently gaining NT AUTHORITY\SYSTEM privileges, by mapping \Device\PhysicalMemory into the calling process via ZwOpenSection and ZwMapViewOfSection.
The -u parameter of sudo can be used to specify a user ID if preceded by '#'. This module exploits a flaw in how that parameter is handled: when the ID -1 is provided, sudo will run the command as root even if it is restricted in the sudoers file. For this exploit to work, there must be at least one directive in the sudoers file that allows a non-privileged user to run a command as any user; by exploiting the flaw, this command can then be run as root. Depending on the configured commands inside the sudoers file, a new privileged agent can be deployed using only those commands. This exploit currently supports deploying the agent when vi or vim are allowed by a directive.
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.
Gets SYSTEM privileges by exploiting two vulnerabilities (CVE-2019-1405 / CVE-2019-1322). The first one allows us to get NT AUTHORITY/SERVICE using a method of a COM Object from UPnP Device Host Service. Then, with NT AUTHORITY/SERVICE privileges, we elevate to NT AUTHORITY/SYSTEM with CVE-2019-1322.
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker).
This module exploits a vulnerability in FreeBSD. A bug in the cdrom driver allows users with read access to the cdrom device to arbitrarily overwrite kernel memory when media is present, thereby allowing a malicious user in the operator group to gain root privileges.
This module exploits a Check Point Endpoint Security Initial Client vulnerability that can execute arbitrary code with System privileges.
A stack-based buffer overflow in WECON LeviStudio HMI Editor allows an attacker to execute arbitrary code via a crafted .UMP file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting an invalid pointer reference in Internet Explorer.
This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting an invalid pointer reference in Internet Explorer.