Hi Internet,
#Shortpost
I have added the support of CVE-2018-8120 to MSF module, before porting this to MSF I read through the analysis of the issue.
After reading the blog post of xiaodaozhi I understood CVE-2018-8120 happens because of a null pointer dereference in the win32k kernel module at start this would lead to BSOD in vulnerable systems, however the exploit code was written in such a fashion that would override the function pointer which is present in kernel mode that achieves escalation of privilege to the remote or your local system.
It took me a while to port this to an MSF module also I would like to thank MSF team for there review's done during that time, at last this was successfully ported and landed!
The path for this module will be `exploit/windows/local/ms18_8120_win32k_privsec.rb` view this in action. (Sweeeeeeet!)
This module was tested against windows 7 x64 and x86 based systems and windows server 2008 R2 x64. However this vulnerability impacts following software versions or editions which are affected.
#Shortpost
I have added the support of CVE-2018-8120 to MSF module, before porting this to MSF I read through the analysis of the issue.
After reading the blog post of xiaodaozhi I understood CVE-2018-8120 happens because of a null pointer dereference in the win32k kernel module at start this would lead to BSOD in vulnerable systems, however the exploit code was written in such a fashion that would override the function pointer which is present in kernel mode that achieves escalation of privilege to the remote or your local system.
It took me a while to port this to an MSF module also I would like to thank MSF team for there review's done during that time, at last this was successfully ported and landed!
The path for this module will be `exploit/windows/local/ms18_8120_win32k_privsec.rb` view this in action. (Sweeeeeeet!)
 |
| Reference: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8120 |
Thank you
Dhiraj
Dhiraj