Posted by smartypants | in technology (edited )

2022.07.05 - a New Hack today - PINKPANTHER takes over a Windows machine forever!! A partial exploit to raise root privilege on MS Windows 8 through 10 from any code running!

https://github.com/winterknife/PINKPANTHER

PINKPANTHER-master_exploit_source_2022.07.05.zip = https://files.catbox.moe/gx34hz.zip
PINKPANTHER-master_exploit_source_Github.pdf = https://files.catbox.moe/3sxzp8.pdf

Windows x64 kernel-mode handcrafted shellcode to replace primary access token of executing process with SYSTEM process token for Elevation of Privilege(EoP)

It could be written better (stronger) but it works and allows any installed program to root windows until microsoft patches next tuesday. Or earlier if in military patch support program.

a couple comments : https://news.ycombinator.com/item?id=31985714

That code can Pwn these builds so far :

  • Windows 7/Windows Server 2008 R2 Build 7601
  • Windows 8/Windows Server 2012 Build 9200
  • Windows 8.1/Windows Server 2012 R2 Build 9600
  • Windows 10 1507/TS1 Build 10240
  • Windows 10 1511/TS2 Build 10586
  • Windows 10 1607/RS1/Windows Server 2016 Build 14393
  • Windows 10 1703/RS2 Build 15063
  • Windows 10 1709/RS3 Build 16299
  • Windows 10 1803/RS4 Build 17134
  • Windows 10 1809/RS5/Windows Server 2019 Build 17763
  • Windows 10 1903/19H1 Build 18362
  • Windows 10 1909/19H2 Build 18363
  • Windows 10 2004/20H1 Build 19041
  • Windows 10 2009/20H2 Build 19042
  • Windows 10 2104/21H1 Build 19043
  • Windows 10 2110/21H2 Build 19044

Shocking, until machines patched next week. For now, 7 days of terror for the world.

I predict Microsoft, the owners of GitHub will delete this source code today, but I provided catbox links to archives.

3

Comments

You must log in or register to comment.

There's nothing here…