bpmcdevitt/exploit-db-mirror

Offensive Security d63de06c7a DB: 2022-11-10

2776 changes to exploits/shellcodes/ghdb

2022-11-10 16:39:50 +00:00

932 B

Raw Blame History

VMware Escape Exploit

VMware Escape Exploit before VMware WorkStation 12.5.3

Host Target: Win10 x64

Compiler: VS2013

Test on VMware 12.5.2 build-4638234

Known issues

Failing to heap manipulation causes host process crash. (About 50% successful rate )
Not quite elaborate because I'm not good at doing heap "fengshui" on winows LFH.

FAQ

Q: Error in reboot vmware after crashing process.
A: Just remove *.lck folder in your vm directory or wait a while and have a coffee :).Here is a simple script I used to clean up.

Reference

https://keenlab.tencent.com/en/2018/04/23/A-bunch-of-Red-Pills-VMware-Escapes/

EDB Note: Download ~ https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47715.zip