bpmcdevitt/exploit-db-mirror

Offensive Security b4c96a5864 DB: 2021-09-03

28807 changes to exploits/shellcodes

2021-09-03 20:19:21 +00:00

934 B

Raw Blame History

VMware Escape Exploit

VMware Escape Exploit before VMware WorkStation 12.5.3

Host Target: Win10 x64

Compiler: VS2013

Test on VMware 12.5.2 build-4638234

Known issues

Failing to heap manipulation causes host process crash. (About 50% successful rate )
Not quite elaborate because I'm not good at doing heap "fengshui" on winows LFH.

FAQ

Q: Error in reboot vmware after crashing process.
A: Just remove *.lck folder in your vm directory or wait a while and have a coffee :).Here is a simple script I used to clean up.

Reference

https://keenlab.tencent.com/en/2018/04/23/A-bunch-of-Red-Pills-VMware-Escapes/

EDB Note: Download ~ https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47715.zip