-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Peter, Interesting exploit, especially that it can be exploited remotely in that context!
Now, my exploit writing skills are not great, but seeing as the code is executed in the context of a local service, could one not use shellcode such as a MOSDEF loader/stager or a Metasploit Meterpreter stager and gain remote access under the context of the local service (which, unless I am mistaken, runs with SYSTEM privs? Looking to test it later as I have a vuln laptop!). This would obiviate the need to (for remote exploitation) run psexec with the new creds. Or am I an idiot (who'se mind may be slowed down a little by the food and drink :3 ) Best regards, and seasons greetings to all :) - - Darren Martyn On 25/12/12 16:36, Peter WS wrote: > Dear list, > > I've written an exploit for an interesting bug which I found a day > or so ago, and thought I'd share it with you. > > http://pastebin.com/QP7eZaJt > > Hope you enjoy! -Peter > > > > > _______________________________________________ Dailydave mailing > list [email protected] > https://lists.immunityinc.com/mailman/listinfo/dailydave - -- Insecurety Research - http://insecurety.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJQ2gxrAAoJEEqUSoN8D1ViDYMH/iXJwNBdCGhO8jnCG7pz/wYi HSXAJDS3NZBnb7B1mXj2X3XVVVq0IOHTXuJSPQHdYFGOnuC4fU9af8TbwuL8g0Uw ModJ5KYkVUgkLlD8yuQq5gj3amKm1DtNlDuzEiycQaArueO7dp4EnQ3QJKyoKSDm f5f/wmqLfUOX57cFEAaR4lE+tnttJ7S1yWtw741L1YIpywvZf/iK81ptuzho4j8s yyNFsR5pmxTgkoSYHktMMucSrBR3TufZ4kzSlWnZnirY3u67CbqNeHGq6NRt4NUq nZ/iMVUzCNWndD56IaRSVlNJBxbWZ4a8cxC8vuEcWdHJoHUY1r6Pr7S6Kf2geWY= =lEpb -----END PGP SIGNATURE----- _______________________________________________ Dailydave mailing list [email protected] https://lists.immunityinc.com/mailman/listinfo/dailydave
