Microsoft Windows 10 Build 1803 < 1903 - 'COMahawk' Local Privilege Escalation







## EDB Note

# COMahawk
**Privilege Escalation: Weaponizing CVE-2019-1405 and CVE-2019-1322**

## Video Demo

## Usage

### Compile or Download from Release (

1. Run COMahawk.exe
2. ???
3. Hopefully profit


1. COMahawk.exe "custom command to run" (ie. COMahawk.exe "net user /add test123 lol123 &")
2. ???
3. Hopefully profit

## Concerns
**MSDN mentioned that only 1803 to 1903 is vulnerable to CVE-2019-1322. If it doesn't work, maybe it was patched.**

However, it is confirmed that my 1903 does indeed have this bug so maybe it was introduced somewhere inbetween. YMMV.

Also, since you are executing from a service - you most likely cannot spawn any Window hence all command will be "GUI-less". Maybe different session? Idk, it is too late and I am tired haha.

## Credits: for helping me even when he doesn't even have a laptop for being the mental support and motivation

and most of all:

for discovering and publishing the write up. 100% of the credit goes here.