defc0ebe5c
This commit contains a few changes for the ppr_flatten_rec local Windows exploit.

First, the exploit binary itself:

* Updated to use the RDI submodule.
* Updated to build with VS2013.
* Updated to generate a binary called `ppr_flatten_rc.x86.dll`.
* Invocation of the exploit requires the address of the payload to run.

Second, the module in MSF behaved a little strangely. I expected it to create a new session with system privs and leave the existing session alone. This wasn't the case. It used to create an instance of notepad, migrate the _existing_ session to it, and run the exploit from there. This behaviour didn't seem to be consistent with other local exploits. The changes include:

* Existing session is now left alone, only used as a proxy.
* New notepad instance has the exploit reflectively loaded.
* New notepad instance has the payload directly injected.
* Exploit invocation takes the payload address as a parameter.
* A wait is added as the exploit is slow to run (nature of the exploit).
* Payloads are executed on successful exploit.
Repository tree at this commit:

* DLLHijackAuditKit
* ReflectiveDLLInjection@88e8e5f109
* byakugan
* cmdstager/debug_asm
* dllinject
* exploits
* ipwn
* javapayload
* meterpreter
* metsvc
* msfJavaToolkit
* osx
* passivex
* pxesploit
* shellcode
* tightvnc
* unixasm
* vncdll
* DLLHijackAuditKit.zip