[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-75907":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":9,"language":10,"languages":9,"totalLinesOfCode":9,"stars":11,"forks":12,"watchers":13,"openIssues":14,"contributorsCount":15,"subscribersCount":15,"size":15,"stars1d":15,"stars7d":15,"stars30d":16,"stars90d":15,"forks30d":15,"starsTrendScore":15,"compositeScore":17,"rankGlobal":9,"rankLanguage":9,"license":18,"archived":19,"fork":19,"defaultBranch":20,"hasWiki":21,"hasPages":19,"topics":22,"createdAt":9,"pushedAt":9,"updatedAt":23,"readmeContent":24,"aiSummary":25,"trendingCount":15,"starSnapshotCount":15,"syncStatus":26,"lastSyncTime":27,"discoverSource":28},75907,"GreenPlasma","Nightmare-Eclipse\u002FGreenPlasma","Nightmare-Eclipse","GreenPlasma Windows CTFMON Arbitrary Section Creation Elevation of Privileges Vulnerability",null,"C++",653,202,15,3,0,67,10.92,"MIT License",false,"main",true,[],"2026-06-12 02:03:37","# GreenPlasma\nGreenPlasma Windows CTFMON Arbitrary Section Creation Elevation of Privileges Vulnerability\n\nFor this one, I'm not dropping the full PoC, I stripped off the necessary code for a full SYSTEM shell. This is a huge challenge for CTF lovers out there.\n\nThe PoC will create an arbitrary memory section object in any directory object write-able by SYSTEM, if you're smart enough, you can turn this into a full privilege escalation as you can influence the newly created section to manipulate data, lots of services (and even kernel mode drivers) blindly trust certain paths since a standard user is normally not supposed to have write access to them.\n\nUnsure if this works in Windows 10 but it works in Windows 11\u002F2022\u002F2026 for sure.\n\n\u003Cimg width=\"1115\" height=\"628\" alt=\"obj\" src=\"https:\u002F\u002Fgithub.com\u002Fuser-attachments\u002Fassets\u002F3a843a4b-8daf-4fc9-9d95-26f87b67031b\" \u002F>\n","GreenPlasma 是一个针对 Windows CTFMON 任意节区创建提权漏洞的项目。该项目通过创建一个任意内存节区对象在 SYSTEM 用户可写的目录中，为有经验的安全研究人员提供了一个挑战性的练习，可用于提升权限。它利用了系统和服务对特定路径的信任机制，即使普通用户通常没有写入权限。该漏洞已在 Windows 11\u002F2022\u002F2026 中验证有效，但尚未确认是否适用于 Windows 10。此工具适合于网络安全竞赛参与者和安全研究人员进行漏洞研究和攻防演练。",2,"2026-05-19 02:30:05","CREATED_QUERY"]