Pageviews

Thursday, 18 October 2018

Porting CVE-2018-8120 to an MSF module

Hi Internet,

#Shortpost
I have added the support of CVE-2018-8120 to MSF module, before porting this to MSF I read through the analysis of the issue.

After reading the blog post of xiaodaozhi I understood CVE-2018-8120 happens because of a null pointer dereference in the win32k kernel module at start this would lead to BSOD in vulnerable systems, however the exploit code was written in such a fashion that would override the function pointer which is present in kernel mode that achieves escalation of privilege to the remote or your local system.

It took me a while to port this to an MSF module also I would like to thank MSF team for there review's done during that time, at last this was successfully ported and landed!

The path for this module will be `exploit/windows/local/ms18_8120_win32k_privsec.rb` view this in action. (Sweeeeeeet!)
 
This module was tested against windows 7 x64 and x86 based systems and windows server 2008 R2 x64. However this vulnerability impacts following software versions or editions which are affected.
Reference: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8120



Thank you
Dhiraj

No comments:

Post a Comment