Win32k LPE vulnerability used in APT attack
License: BSD 2-Clause "Simplified" License
Original info https://www.fireeye.com/blog/threat-research/2015/04/probable_apt28_useo.html
Apply MS15-051 for fix. https://technet.microsoft.com/library/security/MS15-051
(c) 2015 CVE-2015-1701 Project
R136a1
Hi, this exploit has been handy to demonstrate local EoP. Thanks for making it available. Unfortunately it bugchecks after being run ~20 times because it is leaking ref counts. You can repro this by running it in a loop like this:
for /L %x in (1,1,20) do Taihou32.exe
Here's the stack trace:
00 820c7834 82b18e71 nt!RtlpBreakWithStatusInstruction
01 820c7884 82b1996d nt!KiBugCheckDebugBreak+0x1c
02 820c7c48 82b18d10 nt!KeBugCheck2+0x68b
03 820c7c6c 82aa4f22 nt!KeBugCheckEx+0x1e
04 820c7c90 82aa4ed0 nt!ObfDereferenceObjectWithTag+0x4b
05 820c7c98 82c8178c nt!ObfDereferenceObject+0xd
06 820c7cdc 82c82f72 nt!ObpCloseHandleTableEntry+0x21d
07 820c7d0c 82c830ea nt!ObpCloseHandle+0x7f
08 820c7d28 82a7f42a nt!NtClose+0x4e
09 820c7d28 775364f4 nt!KiFastCallEntry+0x12a
0a 0018ecfc 7753491c ntdll!KiFastSystemCallRet
0b 0018ed00 76e0623e ntdll!NtClose+0xc
0c 0018ef9c 76e04b37 kernel32!BasepCheckWinSaferRestrictions+0x71c
0d 0018f5d8 76db2059 kernel32!CreateProcessInternalW+0x1508
0e 0018f610 012f151d kernel32!CreateProcessW+0x2c
WARNING: Stack unwind information not available. Following frames may be wrong.
0f 0018fe58 76e01174 Taihou32+0x151d
10 0018fe64 7754b3f5 kernel32!BaseThreadInitThunk+0xe
11 0018fea4 7754b3c8 ntdll!__RtlUserThreadStart+0x70
12 0018febc 00000000 ntdll!_RtlUserThreadStart+0x1b
0: kd>
Seems to be leaking 2 each execution. A fresh boot that starts at ~40 references therefore bugchecks after 20 executions. Would you mind incrementing ref count to make it more stable? Thanks!
I have tried to run this exploit on win8 /win8.1 fresh installations and it didn't work
does it work only for win7?
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.
