Cobalt Strike Beacon Object File foundation for kernel exploitation using CVE-2021-21551.
Built by Tijme. Credits to Alex for teaching me! Made possible by Northwave Security
This is a Cobalt Strike (CS) Beacon Object File (BOF) which exploits CVE-2021-21551. It only overwrites the beacon process token with the system process token. But this BOF is mostly just a good foundation for further kernel exploitation via CS.
Compiling
cl.exe /c .\KernelMii.c /Fo.\KernelMii.o
Running
$ kernel_mii
- If the vulnerable driver is not installed, you need to be local admin to install it.
- Load the vulnerable driver from memory instead of from disk.
- Delete the vulnerable driver if it was not preinstalled.
Issues or new features can be reported via the issue tracker. Please make sure your issue or feature has not yet been reported by anyone else before submitting a new one.
Copyright (c) 2022 Tijme Gommers & Northwave Security. All rights reserved. View LICENSE.md for the full license.