You could also use the stolen process handle as the parent process using PROC_THREAD_ATTRIBUTE_PARENT_PROCESS attribute with CreateProcess and avoid needing to inject shellcode at all :-)
Haha
@masthoon taught me this trick and I always forget about it :)

What does that big Shellcode block do exactly? (I'm afk)
It's just CreateProcess I think: https://github.com/0vercl0k/stuffz/blob/master/CVE-2019-1184/payload.cc …

Both getting the handle of sihost.exe and writing the shellcode's bytes succeeded, but CreateRemoteThread failed; the error code is 5. Please help.