Executable payload exploits local privilege escalation (CVE-2015-1701) to steal System token.

The payload contains an exploit for the unpatched local privilege escalation vulnerability CVE-2015-1701 in Microsoft Windows. The exploit uses CVE-2015-1701 to execute a callback in userspace. The callback gets the EPROCESS structures of the current process and the System process, and copies data from the System token into the token of the current process. Upon completion, the payload continues execution in usermode with the privileges of the System process.
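A detection-side illustration of the end state described above, added here and not taken from the original page or the linked project: it scans process-creation records for a SYSTEM process whose parent ran as an ordinary user. The records are constructed, the field names are modelled on Sysmon process-creation events, and the scenario assumes the elevated process goes on to start a child, which inherits the modified token.

```python
# Added example. Records are constructed; field names are modelled on
# Sysmon process-creation events (Event ID 1) and are an assumption here.
SYSTEM_USER = "NT AUTHORITY\\SYSTEM"


def _ev(guid, parent_guid, image, user, integrity):
    return {"ProcessGuid": guid, "ParentProcessGuid": parent_guid,
            "Image": image, "User": user, "IntegrityLevel": integrity}


SAMPLE_EVENTS = [  # constructed, in chronological order
    _ev("{B1}", "{B0}", r"C:\Windows\System32\services.exe", SYSTEM_USER, "System"),
    _ev("{B2}", "{B1}", r"C:\Windows\System32\svchost.exe", SYSTEM_USER, "System"),
    _ev("{A1}", "{A0}", r"C:\Windows\explorer.exe", r"CORP\alice", "Medium"),
    _ev("{A2}", "{A1}", r"C:\Users\alice\Downloads\Taihou64.exe", r"CORP\alice", "Medium"),
    _ev("{A3}", "{A2}", r"C:\Windows\System32\cmd.exe", SYSTEM_USER, "System"),
    _ev("{A4}", "{A1}", r"C:\Windows\System32\notepad.exe", r"CORP\alice", "Medium"),
]


def find_system_children_of_user_processes(events):
    """Flag SYSTEM processes whose recorded parent ran as a non-SYSTEM account."""
    by_guid = {}   # ProcessGuid -> creation record, filled as events arrive
    alerts = []
    for ev in events:
        parent = by_guid.get(ev["ParentProcessGuid"])
        by_guid[ev["ProcessGuid"]] = ev
        if ev["User"].upper() != SYSTEM_USER:
            continue   # child is not SYSTEM: nothing to explain
        if parent is None:
            continue   # parent started before logging began: cannot judge
        if parent["User"].upper() == SYSTEM_USER:
            continue   # SYSTEM spawning SYSTEM is the normal service path
        alerts.append({"child": ev["Image"], "parent": parent["Image"],
                       "parent_user": parent["User"],
                       "parent_integrity": parent["IntegrityLevel"]})
    return alerts


if __name__ == "__main__":
    for alert in find_system_children_of_user_processes(SAMPLE_EVENTS):
        print("SYSTEM child of user process:", alert)
```

The token copy itself produces no process-creation event, so this check only fires once the elevated process starts a child; a process that stays in place needs a different signal.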

Another Win32k LPE vulnerability used in an APT attack. It works on Windows XP/7/Vista, but does not work on Windows 8 or later.

Download Executable :
Taihou64.exe(6.0 KB)
Taihou32.exe(5.5 KB)
Source : https://github.com/hfiref0x | https://www.fireeye.com/resources/pdfs/apt28.pdf