Skip to content
/ Windows-Atom-Table-Hijacking Public

A privilege escalation vulnerability exists in Windows due to a flaw in the implementation of the Atom Table. An attacker could exploit this vulnerability by injecting malicious code into the Atom Table and hijacking a legitimate thread to execute the code in the context of a higher privileged process.

License

CC0-1.0 license
25 stars 6 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

SleepTheGod/Windows-Atom-Table-Hijacking

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
exploit.c
exploit.c
 
 
exploit.js
exploit.js
 
 
exploit2.c
exploit2.c
 
 
exploit3.c
exploit3.c
 
 

Repository files navigation

Title: Privilege Escalation in Windows through Atom Table Hijacking

Product: Windows

Affected Versions: Windows 7, Windows 8, Windows 10

Vulnerability Description:

A privilege escalation vulnerability exists in Windows due to a flaw in the implementation of the Atom Table. An attacker could exploit this vulnerability by injecting malicious code into the Atom Table and hijacking a legitimate thread to execute the code in the context of a higher privileged process.

Impact:

A local attacker could exploit this vulnerability to elevate privileges on the affected system and execute arbitrary code with elevated privileges, potentially allowing them to take full control of the system.

Exploitability:

An attacker with low-level privileges on the affected system could exploit this vulnerability to elevate privileges. To exploit this vulnerability, an attacker would need to have the ability to execute code on the targeted system.

Workaround:

There is currently no known workaround for this vulnerability. It is recommended that users apply the latest security update as soon as possible.

Shellcode Injection using Atom Bombing This code demonstrates how to inject shellcode into a running process on Windows using a technique called "Atom Bombing." Atom Bombing is a relatively new technique that exploits the Windows atom tables to inject arbitrary code into a process. This technique bypasses traditional security measures like antivirus software and can be used to elevate privileges, steal sensitive information, or execute malicious code.

This code is provided for educational purposes only. Do not use it to harm others or violate their privacy.

Usage To use this code, simply compile it into an executable and run it as an administrator. The code will locate the explorer.exe process and inject the shellcode string into the atom table of the ntdll.dll module. Once the code is injected, it can be executed by calling the GetProcAddress function with the name of the atom as an argument.

Disclaimer This code is provided for educational purposes only. The author assumes no responsibility for any harm caused by the use or misuse of this code. Use at your own risk.

About

A privilege escalation vulnerability exists in Windows due to a flaw in the implementation of the Atom Table. An attacker could exploit this vulnerability by injecting malicious code into the Atom Table and hijacking a legitimate thread to execute the code in the context of a higher privileged process.

Resources

Readme

License

CC0-1.0 license
Activity

Stars

25 stars

Watchers

1 watching

Forks

6 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages