1. Preface
The following is a curated collection of privilege escalation vulnerabilities and of the historical vulnerabilities used in domain penetration.
Windows privilege escalation online assistant tool (fed with `systeminfo` output)
https://www.shentoushi.top/av/kb.php
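What the online helper above does, in the same spirit as the Windows Exploit Suggester family of scripts, is to take the raw output of `systeminfo`, pull out the OS build and the installed hotfix KBs, and compare them with a table of known escalation bugs. The script below is an added example and is not the code of that site or of any project on this page. It assumes: a constructed `systeminfo` dump (not from a real host); English and zh-CN field labels; a two-entry patch table in which KB3011780 is the real MS14-068 fix, while the Zerologon entry's KB and the listed build numbers are illustrative placeholders to be filled in from the vendor advisory.

```python
import re
from dataclasses import dataclass

# Constructed `systeminfo` output (not captured from a real host), trimmed to
# the fields the check needs. A real dump has many more lines; they are ignored.
SAMPLE_SYSTEMINFO = """\
Host Name:                 DC01
OS Name:                   Microsoft Windows Server 2008 R2 Standard
OS Version:                6.1.7601 Service Pack 1 Build 7601
System Type:               x64-based PC
Hotfix(s):                 2 Hotfix(s) Installed.
                           [01]: KB2533552
                           [02]: KB2999226
Network Card(s):           1 NIC(s) Installed.
"""

# Patch table: CVE -> affected OS builds and the KB(s) that fix it.
# KB3011780 is the real MS14-068 fix. The Zerologon entry is a placeholder
# (assumption) that only shows the shape: Microsoft shipped one KB per build
# for CVE-2020-1472, so fill it from the advisory for the builds you care about.
PATCH_TABLE = {
    "CVE-2014-6324": {
        "name": "MS14-068 Kerberos checksum",
        "builds": {3790, 6002, 7601, 9200, 9600},   # Server 2003 .. 2012 R2
        "kbs": {"KB3011780"},
    },
    "CVE-2020-1472": {
        "name": "Netlogon (Zerologon)",
        "builds": {7601, 9200, 9600, 14393, 17763},  # Server 2008 R2 .. 2019
        "kbs": {"KB-PLACEHOLDER-1472"},               # hypothetical KB
    },
}


@dataclass
class HostInfo:
    os_name: str
    build: int
    hotfixes: set


_KB_RE = re.compile(r"\bKB\d{6,7}\b")
_BUILD_RE = re.compile(r"Build\s+(\d+)")


def parse_systeminfo(text: str) -> HostInfo:
    """Extract OS name, build number and installed KBs from systeminfo output.
    Field labels are matched for the English and zh-CN locales."""
    os_name, build, hotfixes = "", 0, set()
    in_hotfixes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(("OS Name:", "OS 名称:")):
            os_name = line.split(":", 1)[1].strip()
            in_hotfixes = False
        elif line.startswith(("OS Version:", "OS 版本:")):
            m = _BUILD_RE.search(line)
            build = int(m.group(1)) if m else 0
            in_hotfixes = False
        elif line.startswith(("Hotfix(s):", "修补程序:")):
            in_hotfixes = True            # "[01]: KBxxxxxx" lines follow
        elif in_hotfixes and line.startswith("["):
            hotfixes.update(_KB_RE.findall(line))
        else:
            in_hotfixes = False           # any other field ends the KB block
    return HostInfo(os_name, build, hotfixes)


def check(host: HostInfo, table: dict) -> dict:
    """Map each CVE to 'patched', 'missing' or 'n/a' (build not affected)."""
    status = {}
    for cve, entry in table.items():
        if host.build not in entry["builds"]:
            status[cve] = "n/a"
        elif host.hotfixes & entry["kbs"]:
            status[cve] = "patched"
        else:
            status[cve] = "missing"
    return status


if __name__ == "__main__":
    host = parse_systeminfo(SAMPLE_SYSTEMINFO)
    print(f"{host.os_name} (build {host.build}), {len(host.hotfixes)} hotfixes")
    for cve, st in check(host, PATCH_TABLE).items():
        print(f"  {cve:14} {PATCH_TABLE[cve]['name']:28} {st}")
```

Two caveats when using this kind of check on a real target. A "missing" result is a lead, not proof: confirm in a lab with the POC before relying on it. And on Windows 10 / Server 2016 and later, monthly cumulative updates supersede one another, so the exact KB named in an advisory may be absent from `systeminfo` even though the host is patched; for those builds compare the build revision (the `UBR` value under `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion`) against the fixed build in the advisory instead of matching KB numbers. The KB-list approach is reliable mainly for Server 2012 R2 and older.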
2. Privilege escalation vulnerability collections
Windows platform privilege escalation vulnerability collections
https://github.com/Ascotbe/Kernelhub/blob/master/README.CN.md
https://github.com/SecWiki/windows-kernel-exploits
3. Historical domain penetration vulnerabilities
MS14-068 (CVE-2014-6324)
Kerberos checksum vulnerability (KDC PAC signature validation)
https://nvd.nist.gov/vuln/detail/CVE-2014-6324
EXP/POC:
https://github.com/abatchy17/WindowsExploits/tree/master/MS14-068
Netlogon elevation of privilege vulnerability (Zerologon)
https://nvd.nist.gov/vuln/detail/CVE-2020-1472
EXP/POC:
https://github.com/blackarrowsec/redteam-research/tree/master/CVE-2020-1472
Windows Active Directory Domain Services elevation of privilege vulnerability (sAMAccountName spoofing, "noPac")
https://nvd.nist.gov/vuln/detail/CVE-2021-42287
https://nvd.nist.gov/vuln/detail/CVE-2021-42278
EXP/POC:
https://github.com/WazeHell/sam-the-admin
https://github.com/cube0x0/noPac
Microsoft Windows NTLM tampering vulnerability (MIC bypass)
https://nvd.nist.gov/vuln/detail/CVE-2019-1040
https://paper.seebug.org/962/
EXP/POC:
https://github.com/Ridter/CVE-2019-1040
Microsoft Exchange arbitrary user impersonation vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2018-8581
EXP/POC:
https://github.com/Ridter/Exchange2domain
Microsoft Exchange deserialization RCE (static ViewState validation key)
https://nvd.nist.gov/vuln/detail/CVE-2020-0688
EXP/POC:
https://github.com/zcgonvh/CVE-2020-0688
Windows Print Spooler elevation of privilege vulnerability (PrintNightmare)
https://nvd.nist.gov/vuln/detail/CVE-2021-1675
EXP/POC:
https://github.com/cube0x0/CVE-2021-1675
Exchange ProxyLogon remote code execution vulnerability (SSRF chained with arbitrary file write)
https://nvd.nist.gov/vuln/detail/CVE-2021-26855
https://nvd.nist.gov/vuln/detail/CVE-2021-27065
EXP/POC:
https://github.com/hausec/ProxyLogon
Microsoft Exchange remote code execution vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2020-17144
EXP/POC:
https://github.com/Airboi/CVE-2020-17144-EXP
Microsoft Exchange remote code execution vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2020-16875
EXP/POC:
https://srcincite.io/pocs/cve-2020-16875.py.txt
Exchange ProxyShell SSRF
https://nvd.nist.gov/vuln/detail/CVE-2021-34473
EXP/POC:
https://github.com/dmaasland/proxyshell-poc
Exchange ProxyToken information disclosure vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2021-33766
EXP/POC:
https://github.com/bhdresh/CVE-2021-33766-ProxyToken
4. References
https://github.com/Ascotbe/Kernelhub
https://github.com/SecWiki/windows-kernel-exploits