Windows 10 1809-21H1 - Elevation of Privilege via Overly Permissive ACLs on SAM Database
Exploitation Summary
CVE-2021-36934 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added February 10, 2022. EIP tracks 29 public exploits from researchers including HuskyHacks, WiredPulse, JoranSlingerland.
AI-analyzed exploit summary
ShadowSteal is a Nim-based exploit for CVE-2021-36934 (SeriousSAM). It abuses the overly permissive ACLs on the SAM, SYSTEM and SECURITY hive files by reading them from Volume Shadow Copies, where the same ACL applies but the files are not locked, and extracts them for offline credential theft. The tool automates shadow-copy enumeration and hive exfiltration and ships with a Docker-based build environment.
Description
An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

An attacker must have the ability to execute code on a victim system to exploit this vulnerability.

After installing this security update, you must manually delete all shadow copies of system files, including the SAM database, to fully mitigate this vulnerability. Simply installing this security update will not fully mitigate this vulnerability. See KB5005357 - Delete Volume Shadow Copies: https://support.microsoft.com/topic/1ceaa637-aaa3-4b58-a48b-baf72a2fa9e7
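A worked check for the condition the description above sets out, added here as an example; it is not code from this page or from any of the repositories listed below. It does the two things a practitioner needs: confirms the BUILTIN\Users read ACE on the hive files, and then repeats what the exploits do (copy the hives out of a Volume Shadow Copy as a standard user), because that read path is what stays open after the ACL is fixed. With -Remediate it applies the workaround Microsoft documents: re-enable ACL inheritance on the hive files and delete the shadow copies. It assumes PowerShell 5.1 or later on the host; the -OutDir and -MaxIndex parameters and the Native.Kernel32 helper are this example's own names.

```powershell
<#
  Added example, not code from the page or any listed repository.
  Tests a host for the CVE-2021-36934 condition and, with -Remediate, applies the
  Microsoft-documented workaround. The exposure test runs as a standard user;
  -Remediate needs an elevated shell. -OutDir and -MaxIndex are assumed names.
#>
[CmdletBinding()]
param(
    [switch]$Remediate,
    [string]$OutDir   = (Join-Path $env:TEMP 'hivecheck'),
    [int]   $MaxIndex = 32     # highest HarddiskVolumeShadowCopyN index to probe
)

$hives     = 'SAM', 'SYSTEM', 'SECURITY'
$configDir = Join-Path $env:windir 'System32\config'
$usersSid  = 'S-1-5-32-545'   # well-known SID of BUILTIN\Users (the name is localized)
$readData  = [System.Security.AccessControl.FileSystemRights]::ReadData

# Step 1: the defect is an Allow ACE for BUILTIN\Users with read access on the hive
# files themselves (icacls shows it as BUILTIN\Users:(I)(RX)). Reading the DACL does
# not need FILE_READ_DATA, so this works although the live hives are locked.
$badAcl = foreach ($h in $hives) {
    $p = Join-Path $configDir $h
    try { $acl = Get-Acl -LiteralPath $p } catch { Write-Verbose "Get-Acl $p failed: $_"; continue }
    $hit = $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value -eq $usersSid -and
        (($_.FileSystemRights -band $readData) -ne 0)
    }
    if ($hit) { $p }
}

# Step 2: the live files are locked, so the exploits read them from a VSS snapshot.
# Standard users cannot list snapshots (Win32_ShadowCopy needs admin), so probe the
# device names by index and use the Win32 error code to tell the cases apart.
if (-not ('Native.Kernel32' -as [type])) {
    Add-Type -Namespace Native -Name Kernel32 -MemberDefinition @'
[DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern bool CopyFileW(string src, string dst, bool failIfExists);
'@
}
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$exposed = @(); $protected = @()
for ($i = 1; $i -le $MaxIndex; $i++) {
    $root = "\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy$i"
    foreach ($h in $hives) {
        $src = "$root\Windows\System32\config\$h"
        $dst = Join-Path $OutDir ('{0}.shadow{1}' -f $h, $i)
        if ([Native.Kernel32]::CopyFileW($src, $dst, $false)) {
            $exposed += $src          # hive copied as a non-admin: exploitable
            continue
        }
        switch ([System.Runtime.InteropServices.Marshal]::GetLastWin32Error()) {
            2 { }                     # ERROR_FILE_NOT_FOUND: hive absent from this snapshot
            3 { }                     # ERROR_PATH_NOT_FOUND: no snapshot with this index
            5 { $protected += $src }  # ERROR_ACCESS_DENIED: snapshot exists, ACL already tight
            default { Write-Verbose "$src : Win32 error $_" }
        }
    }
}
# The copies are credential material; do not leave them on disk after the test.
Remove-Item -LiteralPath $OutDir -Recurse -Force -ErrorAction SilentlyContinue

# Step 3: Microsoft's workaround. Inheritance from %windir%\System32\config drops the
# Users ACE; older snapshots still carry the bad ACL, so they have to go (existing
# restore points go with them, so create a new one afterwards if the host needs them).
if ($Remediate) {
    & icacls "$configDir\*.*" /inheritance:e
    & vssadmin delete shadows /for=$env:SystemDrive /all /quiet
}

[pscustomobject]@{
    HivesWithUsersRead    = $badAcl
    ShadowCopiesExposed   = $exposed
    ShadowCopiesProtected = $protected
    Vulnerable            = [bool]($badAcl -or $exposed)
}
```

Run it without switches as a standard user to see whether the hives can be pulled out of a snapshot, then elevated with -Remediate to apply the fix. A host where HivesWithUsersRead is empty but ShadowCopiesExposed is not is exactly the half-fixed state the description warns about: the update corrected the ACL on the live files, but the snapshots taken before it still serve readable copies.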
Exploits (29)
ShadowSteal is a Nim-based exploit for CVE-2021-36934 (SeriousSAM). It abuses the overly permissive ACLs on the SAM, SYSTEM and SECURITY hive files by reading them from Volume Shadow Copies, where the same ACL applies but the files are not locked, and extracts them for offline credential theft. The tool automates shadow-copy enumeration and hive exfiltration and ships with a Docker-based build environment.
This PowerShell script exploits CVE-2021-36934 (HiveNightmare) by copying SAM, SOFTWARE, and SYSTEM registry hives from Volume Shadow Copies, allowing a standard user to retrieve sensitive registry data. The exploit leverages improper access control on Windows 10 1809+ systems.
This PowerShell script checks for and remediates CVE-2021-36934, a vulnerability in Windows where the BUILTIN\Users group has read access on the registry hive files under %windir%\System32\config, allowing privilege escalation. It verifies permissions, deletes shadow copies, and reconfigures access controls.
This PowerShell script exploits CVE-2021-36934 (SeriousSam/HiveNightmare) by copying SAM and SYSTEM registry hives from Volume Shadow Copies, allowing local privilege escalation via credential extraction. It checks for vulnerable permissions and copies files from shadow copies to the current directory.
This repository contains a functional proof-of-concept exploit for CVE-2021-36934, which leverages improper access control in Windows Volume Shadow Copy Service (VSS) to copy sensitive system hive files (SAM, SYSTEM, SECURITY) from shadow copies to an attacker-controlled location. The exploit uses native Windows API calls to enumerate and access shadow copy devices.
The repository contains only a minimal README with the CVE identifier and a brief description ('HiveNightmare aka SeriousSAM') but no exploit code, technical details, or functional proof-of-concept.
This PoC exploits CVE-2021-36934 (HiveNightmare/SeriousSAM) by copying SAM and SYSTEM registry hives from Volume Shadow Copies, allowing non-admin users to access sensitive data like password hashes. The script iterates through shadow copies and attempts to dump the files to a local directory.
This repository contains a PowerShell script that detects and exploits CVE-2021-36934 (HiveNightmare/SeriousSam), a vulnerability allowing unauthorized access to the SAM registry hive via improper permissions and Volume Shadow Copy Service (VSS) snapshots. The script includes both detection and exploitation capabilities, as well as remediation options.
This repository contains a functional exploit for CVE-2021-36934 (HiveNightmare/SeriousSAM), which allows reading sensitive registry hives (SAM, SECURITY, SYSTEM) without admin privileges by leveraging shadow copies. The exploit is written in Rust and dumps the hives to the current directory for further credential extraction.
This repository contains a functional exploit for CVE-2021-36934, which is a vulnerability in Windows that allows local privilege escalation by exploiting improper access control in the Windows Registry. The provided code includes cryptographic functions and registry parsing logic to extract and decrypt sensitive data from the registry hives.
This repository contains a functional exploit for CVE-2021-36934 (SeriousSAM/HiveNightmare), which leverages improper access control in Windows to dump SAM, SYSTEM, and SECURITY registry hives. The script automates the extraction and cracking of the administrator password hash using external tools like HiveNightmare and a custom hashcat API.
This repository contains a functional proof-of-concept exploit for CVE-2021-36934, which abuses the Volume Shadow Copy Service (VSS) to access restricted files. The code enumerates shadow copies, allows user selection, and copies files from shadow storage to a user-specified destination.
The repository contains PowerShell scripts to detect and remediate CVE-2021-36934, a vulnerability in Windows 10 that allows unauthorized access to sensitive system files due to incorrect permissions. The Discovery.ps1 script checks for vulnerable permissions, while Remediation.ps1 removes excessive permissions and purges shadow copies.
This repository contains a functional C# script that exploits CVE-2021-36934 to copy sensitive system files (SAM, SYSTEM, SECURITY) from a Volume Shadow Copy, demonstrating privilege escalation via improper access control in Windows.
This repository contains a PowerShell script that checks for and remediates the CVE-2021-36934 (HiveNightmare) vulnerability by fixing ACL permissions on hive files and removing vulnerable shadow copies. It includes both detection and mitigation capabilities.
This repository contains a PowerShell script that detects and remediates CVE-2021-36934, a vulnerability in Windows where improper ACLs on system files allow local privilege escalation. The script checks for vulnerable ACLs, removes shadow copies, fixes permissions, and recreates shadow copies if necessary.
This repository contains a functional exploit for CVE-2021-36934, which leverages improper access control in Windows Volume Shadow Copy Service (VSS) to read sensitive registry hives (SAM, SECURITY, SYSTEM) as a low-privileged user. The PoC brute-forces shadow copy indices to locate and copy these files to a temporary directory for credential extraction.
The repository contains PowerShell scripts designed to detect and remediate CVE-2021-36934, a vulnerability involving improper permissions on the Windows SAM file. The scripts check for the presence of BUILTIN\Users permissions and provide remediation steps but do not include functional exploit code.
This PowerShell script detects and remediates CVE-2021-36934 (HiveNightmare) rather than exploiting it: it checks for the improper permissions on the Windows registry hives (SAM, Security, Software) and for Volume Shadow Copies that preserve them, then removes the excessive permissions and deletes the shadow copies.
This repository provides a detailed technical analysis and step-by-step demonstration of CVE-2021-36934 (HiveNightmare), a local privilege escalation vulnerability in Windows 10/11 and Windows Server 2019/2022. It includes exploitation steps, mitigation measures, and screenshots of the process.
This repository contains a functional exploit PoC for CVE-2021-36934 (HiveNightmare), demonstrating fileless malware techniques, reflective DLL injection, and LOLBin abuse for privilege escalation and credential access on Windows systems.
This repository provides a technical description and mitigation steps for CVE-2021-36934, a Windows Elevation of Privilege vulnerability. It includes a batch script for deploying a workaround via GPO but does not contain functional exploit code.
This repository contains a PowerShell script designed to mitigate CVE-2021-36934 (Serious SAM) by correcting permissions and deleting shadow copies on Windows systems. It is tailored for use with Datto RMM but can be adapted for other RMM tools.
This repository contains a functional C# script that exploits CVE-2021-36934 to copy sensitive system files (SAM, SYSTEM, SECURITY) from Windows Volume Shadow Copies, enabling privilege escalation or credential theft. The script gets around the exclusive lock on the live hives by reading them from a shadow copy, where the overly permissive ACL still applies and the files are not in use.
This repository contains a functional exploit for CVE-2021-36934 (HiveNightmare), which allows local privilege escalation by reading Windows Registry hive files. The code includes parsing and decryption logic for extracting sensitive data from registry hives.
This PoC exploits CVE-2021-36934 (HiveNightmare/SeriousSAM) by copying the SAM and SYSTEM registry hives from Volume Shadow Copies, allowing non-admin users to access sensitive information like password hashes. The script iterates through shadow copies to locate and dump these files to a local directory.
This repository contains a functional C++ exploit for CVE-2021-36934, which leverages Volume Shadow Copy Service (VSS) to copy sensitive system files (SAM, SYSTEM, SECURITY) from shadow copies. The exploit uses QueryDosDevice to locate shadow copies and copies the files to the current directory.
This repository contains a functional exploit for CVE-2021-36934 (HiveNightmare), which allows non-admin users to read sensitive registry hives (SAM, SYSTEM, SECURITY) by leveraging improper access control on Volume Shadow Copy Service (VSS) snapshots. The exploit iterates through VSS snapshots to locate and dump the hives to the current directory.
This repository is a collection of documentation and metadata for various Windows CVEs, including CVE-2021-36934. It contains README files, issue templates, and a Python script for generating documentation but no functional exploit code.
References (4)
Scores
CVSS 3.1 base score 7.8 (High), vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H