Thursday, January 28, 2010

Windows NT User Mode to Ring 0 Escalation Vulnerability

On the 19th of January 2010, a 0-day vulnerability was made public on Full Disclosure that can lead to privilege escalation on every version of Windows (from NT through 7). Both the source code and a compiled executable are available on Exploit DB.

1. Get the exploit code from here
2. Extract the vdmexploit.dll and vdmallowed.exe files (or compile them with Visual C++ if you do not want to run executables without reading the code)
3. Move the .dll and .exe to your target machine (through SMB, FTP or TFTP, depending on the capabilities you have on the target machine)
4. Run vdmallowed.exe
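As an added defensive check, not part of the original post, the following PowerShell reports whether the 16-bit NTVDM subsystem that vdmallowed.exe depends on is blocked by the VDMDisallowed policy (the workaround described in Microsoft's advisory for this issue) and can apply that policy; it assumes a 32-bit Windows host, since 64-bit editions have no NTVDM at all.

```powershell
# Added example (not from the original post): inspect and apply the
# "Prevent access to 16-bit applications" policy, which disables NTVDM.
# KiTrap0d is only reachable through the 16-bit subsystem, so a host with
# VDMDisallowed=1 cannot launch the 16-bit helper the exploit relies on.
# Assumption: 32-bit Windows; 64-bit editions have no NTVDM.

$VdmPolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppCompat'

function Test-VdmDisallowed {
    # Returns $true when the policy value is present and set to 1.
    $item = Get-ItemProperty -Path $VdmPolicyKey -Name VDMDisallowed -ErrorAction SilentlyContinue
    return ($null -ne $item -and $item.VDMDisallowed -eq 1)
}

function Test-NtvdmRunning {
    # A live ntvdm.exe process means a 16-bit program is executing right now.
    return [bool](Get-Process -Name ntvdm -ErrorAction SilentlyContinue)
}

function Disable-Ntvdm {
    # Applies the workaround (requires an elevated shell); supports -WhatIf.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    if ($PSCmdlet.ShouldProcess($VdmPolicyKey, 'Set VDMDisallowed=1')) {
        New-Item -Path $VdmPolicyKey -Force | Out-Null
        Set-ItemProperty -Path $VdmPolicyKey -Name VDMDisallowed -Value 1 -Type DWord
    }
}

# Report the current state of the host.
if (Test-VdmDisallowed) {
    Write-Output 'NTVDM disabled by policy (VDMDisallowed=1): the 16-bit subsystem is unavailable.'
} else {
    Write-Output 'NTVDM allowed: an unpatched 32-bit host remains exposed to this technique.'
    if (Test-NtvdmRunning) {
        Write-Output 'ntvdm.exe is currently running; review which 16-bit program started it.'
    }
}
```

Run `Disable-Ntvdm -WhatIf` first to see the change without applying it; note that the policy also blocks legitimate 16-bit applications.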

On the 25th of January 2010, HD Moore added a script to Metasploit 3.3.4-DEV to automatically exploit and execute KiTrap0d. We noted some issues with the script, and a few hours later an update was made to the KiTrap0d module in Metasploit. Thanks HD Moore!
