Exploit-CVE-2017-6008

CVE-2017-6008 is a kernel pool buffer overflow in the HitmanPro scanner's kernel driver (hitmanpro37.sys) that allows local privilege escalation. The exploits here use the Quota Process Pointer Overwrite attack described in Tarjei Mandt's paper "Kernel Pool Exploitation on Windows 7".

Both exploits also use my pool sprayer library.

You can find a detailed paper on the Windows 7 exploit here:

https://trackwatch.com/kernel-pool-overflow-exploitation-in-real-world-windows-7/

Windows 10 version

This version uses a second vulnerability in the hitmanpro37.sys driver, an out-of-bounds read, to leak the pool cookie. Since Windows 8 the ProcessBilled pointer in the pool header is no longer stored in the clear but encoded with a per-boot pool quota cookie, so the Quota Process Pointer Overwrite needs that cookie value; once it is leaked, the very same attack works on Windows 10.

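As an added illustration, not code from this repository or from the trackwatch papers, the following user-mode C model shows what the overflow has to write and why the cookie leak matters. It assumes the 16-byte x64 POOL_HEADER layout, two adjacent constructed 0x40-byte chunks, a hypothetical driver copy routine standing in for the real bug (shown next to a bounds-checked form), and a simplified model of the Windows 8+ encoding (EPROCESS XOR per-boot cookie XOR chunk address); the exact encoding formula and the other validation the real allocator performs on free are outside this model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of the x64 nt!_POOL_HEADER (16 bytes, simplified). PoolType bit 3
 * (POOL_QUOTA_MASK, 0x8) marks a quota-charged chunk; on free the allocator
 * then follows ProcessBilled to return the quota to that EPROCESS. */
#define POOL_QUOTA_MASK 0x8u

typedef struct {
    uint8_t  PreviousSize;   /* previous chunk size, in 16-byte units */
    uint8_t  PoolIndex;
    uint8_t  BlockSize;      /* this chunk's size, in 16-byte units, header included */
    uint8_t  PoolType;       /* pool type plus flag bits such as POOL_QUOTA_MASK */
    uint32_t PoolTag;
    uint64_t ProcessBilled;  /* raw EPROCESS* on Windows 7; encoded on Windows 8+ (model) */
} POOL_HEADER;

/* Two adjacent 0x40-byte chunks carved from one simulated pool page (constructed). */
#define CHUNK_SIZE 0x40
#define DATA_SIZE  (CHUNK_SIZE - sizeof(POOL_HEADER))

static _Alignas(16) uint8_t g_pool[2 * CHUNK_SIZE];

static POOL_HEADER *chunk_hdr(int i) { return (POOL_HEADER *)(g_pool + i * CHUNK_SIZE); }

static void pool_init(void) {
    memset(g_pool, 0, sizeof g_pool);
    for (int i = 0; i < 2; i++) {
        POOL_HEADER *h = chunk_hdr(i);
        h->PreviousSize = i ? CHUNK_SIZE / 16 : 0;
        h->BlockSize = CHUNK_SIZE / 16;
        h->PoolType = 0x1;          /* non-paged, no quota flag (model value) */
        h->PoolTag = 0x6e616d48;    /* 'Hman', a constructed tag */
    }
}

/* Hypothetical driver routine that copies `len` caller-controlled bytes into
 * chunk 0's data. The vulnerable form has no bound and spills into chunk 1's
 * header; the fixed form rejects oversized input. Neither is the real driver. */
static int driver_copy_vulnerable(const uint8_t *in, size_t len) {
    memcpy((uint8_t *)chunk_hdr(0) + sizeof(POOL_HEADER), in, len);
    return 0;
}
static int driver_copy_fixed(const uint8_t *in, size_t len) {
    if (len > DATA_SIZE) return -1;
    memcpy((uint8_t *)chunk_hdr(0) + sizeof(POOL_HEADER), in, len);
    return 0;
}

/* encoded == 0: Windows 7 style raw pointer.
 * encoded != 0: assumed Windows 8+ style, EPROCESS ^ ExpPoolQuotaCookie ^ &header. */
static uint64_t encode_billed(uint64_t eprocess, int encoded, uint64_t cookie, const POOL_HEADER *h) {
    return encoded ? (eprocess ^ cookie ^ (uint64_t)(uintptr_t)h) : eprocess;
}
static uint64_t decode_billed(const POOL_HEADER *h, int encoded, uint64_t cookie) {
    return encoded ? (h->ProcessBilled ^ cookie ^ (uint64_t)(uintptr_t)h) : h->ProcessBilled;
}

/* Attacker payload: fill chunk 0's data, then forge chunk 1's header so the
 * chunk looks quota-charged to `fake_eprocess` (e.g. a user-mode fake object).
 * `cookie` is whatever the attacker believes ExpPoolQuotaCookie is. */
static size_t build_payload(uint8_t *out, uint64_t fake_eprocess, int encoded, uint64_t cookie) {
    POOL_HEADER forged;
    memcpy(&forged, chunk_hdr(1), sizeof forged);   /* keep the size fields consistent */
    forged.PoolType |= POOL_QUOTA_MASK;
    forged.ProcessBilled = encode_billed(fake_eprocess, encoded, cookie, chunk_hdr(1));
    memset(out, 'A', DATA_SIZE);
    memcpy(out + DATA_SIZE, &forged, sizeof forged);
    return DATA_SIZE + sizeof forged;
}

/* Model of the free path: the EPROCESS the allocator would walk to, or 0 if
 * the chunk is not quota-charged. */
static uint64_t free_path_billed_process(int i, int encoded, uint64_t cookie) {
    POOL_HEADER *h = chunk_hdr(i);
    if (!(h->PoolType & POOL_QUOTA_MASK)) return 0;
    return decode_billed(h, encoded, cookie);
}

/* Run one scenario: real cookie vs. the cookie the attacker knows. */
static uint64_t run_attack(int encoded, uint64_t real_cookie, uint64_t known_cookie, uint64_t fake) {
    uint8_t payload[CHUNK_SIZE + sizeof(POOL_HEADER)];
    pool_init();
    size_t n = build_payload(payload, fake, encoded, known_cookie);
    driver_copy_vulnerable(payload, n);
    return free_path_billed_process(1, encoded, real_cookie);
}

/* Returns 1 if the bounds-checked routine rejects the payload and leaves chunk 1 intact. */
static int fixed_rejects_overflow(void) {
    uint8_t payload[CHUNK_SIZE + sizeof(POOL_HEADER)];
    pool_init();
    size_t n = build_payload(payload, 0x41414141ull, 0, 0);
    int rc = driver_copy_fixed(payload, n);
    return rc == -1 && chunk_hdr(1)->PoolType == 0x1 && chunk_hdr(1)->ProcessBilled == 0;
}

int main(void) {
    const uint64_t fake = 0x41414141ull, cookie = 0x1122334455667788ull;
    printf("win7  raw pointer        : %#llx\n", (unsigned long long)run_attack(0, 0, 0, fake));
    printf("win10 cookie unknown     : %#llx\n", (unsigned long long)run_attack(1, cookie, 0, fake));
    printf("win10 cookie leaked      : %#llx\n", (unsigned long long)run_attack(1, cookie, cookie, fake));
    printf("fixed driver rejects     : %d\n", fixed_rejects_overflow());
    return 0;
}
```

The third scenario is the reason the Windows 10 exploit needs the out-of-bounds read first: without the cookie the decoded pointer is the attacker's value XORed with an unknown per-boot constant, so the free path walks to garbage instead of the fake object.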
You can find a detailed paper on the Windows 10 exploit here (coming soon):

https://trackwatch.com/

Proof of Concept:

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/43057.zip