"# CVE-2021-31956" 

WIP PoC code for CVE-2021-31956 in preparation for OSEE. Will improve it further after my OSEE exams and free time.
A lot of hardcoded offsets need to be changed if it is different on the target system ( but if it is anything similar to 2020 - 2021 builds then no change should be needed. Not sure 100%) and you can't exit the program because many pool headers are still corrupted as well as the Token field is still pointing to system's token. One of 3 things will happen if you try to exit the program, a BSOD, can't exit, or if the stars aligns exit safely but the system is probably unstable and is a ticking time bomb.

Credits: amazing write up that covers many details that NCC and other lacks good basic understanding of the vuln and good lessons learned for most of the starting code and a source for me to fall back onto if I am completely stuck - CVE-2021-31955 PoC that allow the leaking of EPROCESS. Though this is unnecessary due to the nature of the bug and the accessible CreatorProcess field inside WNF struct.
- Apt 69