File tree Expand file tree Collapse file tree 1 file changed +4
-3
lines changed
modules/exploits/windows/local Expand file tree Collapse file tree 1 file changed +4
-3
lines changed Original file line number Diff line number Diff line change @@ -51,9 +51,9 @@ def initialize(info = {})
5151 ] ,
5252 'References' =>
5353 [
54- %w( CVE 2014-4971 ) ,
55- %w( EDB 34112 ) ,
56- %w( URL https://www.korelogic.com/Resources/Advisories/KL-001-2014-003.txt )
54+ [ ' CVE' , ' 2014-4971' ] ,
55+ [ ' EDB' , ' 34112' ] ,
56+ [ ' URL' , ' https://www.korelogic.com/Resources/Advisories/KL-001-2014-003.txt' ]
5757 ] ,
5858 'DisclosureDate' => 'Jul 22 2014' ,
5959 'DefaultTarget' => 0
@@ -150,6 +150,7 @@ def exploit
150150 restore_ptrs << "\xa3 " + [ haldispatchtable + 4 ] . pack ( 'V' ) # mov dword ptr [nt!HalDispatchTable+0x4], eax
151151
152152 shellcode = make_nops ( 0x200 ) + restore_ptrs + token_stealing_shellcode ( target )
153+
153154 this_proc . memory . write ( 0x1 , shellcode )
154155 this_proc . close
155156
You can’t perform that action at this time.
0 commit comments