2022.07.05 - a New Hack today - PINKPANTHER takes over a Windows machine forever!! A partial exploit to raise root privilege on MS Windows 8 through 10 from any code running!

https://github.com/winterknife/PINKPANTHER

PINKPANTHER-master_exploit_source_2022.07.05.zip = https://files.catbox.moe/gx34hz.zip
PINKPANTHER-master_exploit_source_Github.pdf = https://files.catbox.moe/3sxzp8.pdf

Windows x64 kernel-mode handcrafted shellcode to replace primary access token of executing process with SYSTEM process token for Elevation of Privilege(EoP)

It could be written better (stronger) but it works and allows any installed program to root windows until microsoft patches next tuesday. Or earlier if in military patch support program.

a couple comments : https://news.ycombinator.com/item?id=31985714

That code can Pwn these builds so far :

Windows 7/Windows Server 2008 R2 Build 7601
Windows 8/Windows Server 2012 Build 9200
Windows 8.1/Windows Server 2012 R2 Build 9600
Windows 10 1507/TS1 Build 10240
Windows 10 1511/TS2 Build 10586
Windows 10 1607/RS1/Windows Server 2016 Build 14393
Windows 10 1703/RS2 Build 15063
Windows 10 1709/RS3 Build 16299
Windows 10 1803/RS4 Build 17134
Windows 10 1809/RS5/Windows Server 2019 Build 17763
Windows 10 1903/19H1 Build 18362
Windows 10 1909/19H2 Build 18363
Windows 10 2004/20H1 Build 19041
Windows 10 2009/20H2 Build 19042
Windows 10 2104/21H1 Build 19043
Windows 10 2110/21H2 Build 19044

Shocking, until machines patched next week. For now, 7 days of terror for the world.

I predict Microsoft, the owners of GitHub will delete this source code today, but I provided catbox links to archives.

Comments