
A firebeam plugin that exploits the CVE-2024-26229 vulnerability to perform elevation of privilege from an unprivileged user


Cracked5pider/eop24-26229


Firebeam CVE-2024-26229 plugin

A small firebeam (Kaine's RISC-V VM) plugin that exploits the CVE-2024-26229 vulnerability through a vulnerable IOCTL in csc.sys.

The vulnerability is used to gain kernel read/write memory access, which is used to corrupt KTHREAD->PreviousMode. DKOM is then leveraged to achieve LPE by copying the token of the system process over the current process's token.

The plugin can be installed automatically via the Havoc client plugin store, or manually by cloning it with git into the Havoc client plugin directory:

git clone https://github.com/Cracked5pider/eop24-26229 ~/.havoc/client/plugins/eop24-26229

credits
