Share
## https://sploitus.com/exploit?id=F20B08C7-69F5-501B-8714-61ED74BADB36
# trinity-lpe
Kernel-mode privilege escalation via three-driver BYOVD chain. Exploits FastDump (KASLR leak), CITMDRV (physical read), and NTIOLib (physical write) to locate and overwrite EPROCESS token structures, escalating unprivileged processes to SYSTEM.
## Compile
Open a x64 Native compiler(Visual Studio Code Compiler) Command Prompt and run:
โ```
cl /nologo /O2 exploit.c /Fe:exploit.exe /link psapi.lib advapi32.lib
โ```
## Demo
Watch the exploit demo: https://youtu.be/Xd4m6Hg4Xfs
## Run
โ```
exploit.exe
โ```
Run from an admin cmd.exe as only FastDump requires Admin priviledges.
## Write-up
https://medium.com/@haider303mustafa/fastdump-sys-citmdrv-sys-567f57e9cd20