Description
Hey @chompie1337, thanks for your hard work.
I've been trying to test this exploit in a closed environment (Server 2016, 1607) and each execution (including a restart) triggers a different error. In most cases, it was as previously reported here with the 8-byte error.
The most recent error I had is as follows:

In addition, I changed the network DNS settings of the server to itself only, and set the timeout interval in the Conditional Forwarder setting from 5 to 1, and this is how I actually went further from the other errors.
I can provide the other error log files as well (heapleak, heapleak64 etc).
EDIT:
Based on the logs, and since I do have exitleak (including a manual check that showed the offset does exist in the offset file), I suspect that the file is not parsed properly as it's being written using os.command and not native Python.
In addition, testing "pexit & 0xFFF" returns 0, which is super strange.
Thanks a lot!