
Make sure to copy the file report.wer found in the folder PoC-Files into the same folder as the executable before running it... I guess I could have included it as a resource in the exe.. but whatever.

Example: "angrypolarbearbug.exe c:\windows\system32\drivers\pci.sys"

This will overwrite pci.sys with trash.

Couldn't repro on one core.

It can take a little while for the bug to win the race..

It might straight up not work on some CPUs.. I don't know..

You need an internet connection. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

It's a non-security issue really. You should have partial control over the write (change string fields in report.wer maybe?) .. I haven't tested.. but in theory if you can dump some script in it and overwrite file types that potentially execute it, that could be interesting.

You can also use it to perhaps disable third-party AV software..

Windows Defender will be harder since those files can only be modified by TrustedInstaller, not even SYSTEM.

Download: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/46098.rar