Kernel exploits should be recorded in your findings but not executed during normal tests, as they carry a high risk of crashing the system.
First, run the systeminfo command to gather information about the system. You’re looking for the OS version, architecture, and the hotfixes that have been installed.
systeminfo
# returns system information including OS, architecture and hotfixes
wmic qfe get Caption,Description,HotFixID,InstalledOn
# gathers more information about the hotfixes installed on the host
Each hotfix has a KB number, which you’ll need to Google individually to understand which exploits won’t work because they have been patched. If there are hundreds of hotfixes, it’s probably not worth doing it this way; run an automated tool instead.
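As an added example (not part of the original post), here is one way to avoid reading a long hotfix list by hand: save the systeminfo output to a file and parse it offline, then diff the installed KBs against a baseline. The sample output, the KB numbers and the REQUIRED_KBS baseline are constructed placeholders, and the parser assumes English-language systeminfo labels.

```python
import re

# Constructed sample of `systeminfo` output (placeholder values, not a real host).
SAMPLE = """\
Host Name:                 WS01
OS Name:                   Microsoft Windows 10 Pro
OS Version:                10.0.19045 N/A Build 19045
System Type:               x64-based PC
Hotfix(s):                 3 Hotfix(s) Installed.
                           [01]: KB0000001
                           [02]: KB0000002
                           [03]: KB0000003
Network Card(s):           1 NIC(s) Installed.
                           [01]: Example Ethernet Adapter
"""

# Hypothetical baseline: KBs your patch policy requires on this build.
REQUIRED_KBS = {"KB0000002", "KB0000003", "KB0000004"}

def parse_systeminfo(text):
    """Return OS name, version, architecture and the set of installed KB ids."""
    info = {"hotfixes": set()}
    fields = {"OS Name": "os_name", "OS Version": "os_version", "System Type": "arch"}
    in_hotfixes = False
    for line in text.splitlines():
        if line[:1].isspace():
            # Indented continuation line: belongs to the previous section header.
            m = re.match(r"\s+\[\d+\]:\s*(KB\d+)\s*$", line, re.IGNORECASE)
            if in_hotfixes and m:
                info["hotfixes"].add(m.group(1).upper())
            continue
        key, _, value = line.partition(":")
        key = key.strip()
        # Only entries under "Hotfix(s)" count; other sections reuse the [NN]: layout.
        in_hotfixes = key == "Hotfix(s)"
        if key in fields:
            info[fields[key]] = value.strip()
    return info

def missing_kbs(info, required):
    """KBs the baseline requires that the host does not report as installed."""
    return sorted(set(required) - info["hotfixes"])

if __name__ == "__main__":
    host = parse_systeminfo(SAMPLE)
    print(host["os_name"], host["os_version"], host["arch"])
    print("Missing:", ", ".join(missing_kbs(host, REQUIRED_KBS)) or "none")
```

A KB missing from the list is only a lead for the report: cumulative updates can supersede older KBs, so confirm against the vendor advisory before calling the host unpatched.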
The automated way is to use Watson.exe or its older version, Sherlock.ps1: https://github.com/rasta-mouse/Watson
Get this onto the system, run it and identify possible exploits. These exploits will each come with their own instructions that you’ll have to follow.