Message correction

bug/bundler_fix
Meatballs 2014-05-02 14:18:18 +01:00
parent 69915c0de5
commit 56c5eac823
No known key found for this signature in database
GPG Key ID: 5380EAF01F2F8B38
1 changed files with 2 additions and 2 deletions

@ -15,13 +15,13 @@ class Metasploit3 < Msf::Exploit::Local
include Msf::Post::Windows::Process
include Msf::Post::Windows::FileInfo
include Msf::Post::Windows::ReflectiveDLLInjection
def initialize(info={})
super(update_info(info, {
'Name' => 'Windows NTUserMessageCall Win32k Kernel Pool Overflow (Schlamperei)',
'Description' => %q{
A kernel pool overflow in Win32k which allows local privilege escalation.
The kernel shellcode nulls the ACL for the winlogon.exe process (a SYSTEM process).
The kernel shellcode nulls the ACL for the winlogon.exe process (a SYSTEM process).
This allows any unprivileged process to freely migrate to winlogon.exe, achieving
privilege escalation. Used in pwn2own 2013 by MWR to break out of chrome's sandbox.
NOTE: when you exit the meterpreter session, winlogon.exe is likely to crash.
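Review bot: the two description lines reading "The kernel shellcode nulls the ACL for the winlogon.exe process (a SYSTEM process)." appear identical in this view, so the wording change the commit title announces cannot be verified from the hunk; please confirm the intended correction actually landed in the new text. While the description is being touched, "pwn2own" and "chrome" are product names and should read "Pwn2Own" and "Chrome", and the closing NOTE about winlogon.exe being likely to crash when the Meterpreter session exits is a side effect operators need to see before running the module, so it should stay as the final, clearly separated sentence of the description rather than being trimmed in a later cleanup.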