CVE-2015-5736

This PoC exploits CVE-2015-5736 in FortiShield.sys using ROP chains, PreviousMode overwrite, and token stealing to achieve local privilege escalation. It leverages a race condition in MoveFileEx and arbitrary read/write primitives to manipulate kernel memory.

This exploit leverages a vulnerability in FortiShield.sys to bypass SMEP (Supervisor Mode Execution Prevention) by manipulating PTE (Page Table Entries) and executing a token-stealing payload for local privilege escalation on Windows 10 Pro x64 (Pre-Anniversary).

This exploit leverages a use-after-free vulnerability in the Windows kernel (CVE-2015-5736) to achieve local privilege escalation by manipulating bitmap objects and accelerator tables to corrupt kernel memory. It includes a ROP chain to bypass SMEP and execute arbitrary code in kernel mode.

This exploit targets CVE-2015-5736, a privilege escalation vulnerability in FortiShield.sys. It leverages memory leaks and ROP chains to achieve arbitrary code execution in kernel mode, ultimately spawning a command prompt with elevated privileges.