-
Notifications
You must be signed in to change notification settings - Fork 91
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
62 changed files
with
2,864 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,87 @@ | ||
| #pragma once | ||
|
|
||
| #include "stdafx.h" | ||
| #include "GenericAttacks.h" | ||
| #include "PoolOverflow.h" | ||
| #include "KernelAddressLeak.h" | ||
| #include <string> | ||
|
|
||
| using namespace std; | ||
|
|
||
| void PrintHelpMenu() | ||
| { | ||
| printf("ExploitDemos Help:\n"); | ||
| printf("Demonstrates exploiting the KdExploitMe driver.\n"); | ||
| printf("--------------\n"); | ||
| printf("ExploitDemos.exe -ExploitNumber\n"); | ||
| printf(" -01 : Demo METHOD_WRITEWHATWHERE - NULL EPROCESS ACL.\n"); | ||
| printf(" -02 : Demo METHOD_DECADDRESS - Modify token privileges.\n"); | ||
| printf(" -03 : Demo METHOD_OVERFLOWPOOL - 0xbad0b0b0, Non-Paged Pool, 64bit only.\n"); | ||
| } | ||
|
|
||
| int _tmain(int argc, _TCHAR* argv[]) | ||
| { | ||
| string dummy = NULL; | ||
| if (argc != 2) | ||
| { | ||
| PrintHelpMenu(); | ||
| return -1; | ||
| } | ||
|
|
||
| printf("Press any key and hit enter to continue...\n"); | ||
| cin >> dummy; | ||
|
|
||
| HANDLE hDevice; | ||
| DWORD errNum; | ||
|
|
||
|
|
||
| UNREFERENCED_PARAMETER(argc); | ||
| UNREFERENCED_PARAMETER(argv); | ||
|
|
||
| // | ||
| // open the device | ||
| // | ||
|
|
||
| if ((hDevice = CreateFile(L"\\\\.\\KdExploitMe", | ||
| GENERIC_READ | GENERIC_WRITE, | ||
| 0, | ||
| NULL, | ||
| CREATE_ALWAYS, | ||
| FILE_ATTRIBUTE_NORMAL, | ||
| NULL)) == INVALID_HANDLE_VALUE) { | ||
|
|
||
| errNum = GetLastError(); | ||
|
|
||
| printf("- CreateFile failed! Error code = 0x%x\n", errNum); | ||
|
|
||
| return 0; | ||
| } | ||
|
|
||
|
|
||
| int exploitNumber = stoi(argv[1]+1); | ||
| switch (exploitNumber) | ||
| { | ||
| case 1: | ||
| AttackWriteWhatWhere(hDevice); | ||
| break; | ||
| case 2: | ||
| AttackDecAddress(hDevice); | ||
| break; | ||
| case 3: | ||
| AttackPO_BAD0B0B0(hDevice); | ||
| break; | ||
| default: | ||
| PrintHelpMenu(); | ||
| break; | ||
| } | ||
|
|
||
|
|
||
| // | ||
| // close the handle to the device. | ||
| // | ||
| CloseHandle(hDevice); | ||
| } | ||
|
|
||
|
|
||
|
|
||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,175 @@ | ||
| <?xml version="1.0" encoding="utf-8"?> | ||
| <Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> | ||
| <ItemGroup Label="ProjectConfigurations"> | ||
| <ProjectConfiguration Include="Debug|Win32"> | ||
| <Configuration>Debug</Configuration> | ||
| <Platform>Win32</Platform> | ||
| </ProjectConfiguration> | ||
| <ProjectConfiguration Include="Debug|x64"> | ||
| <Configuration>Debug</Configuration> | ||
| <Platform>x64</Platform> | ||
| </ProjectConfiguration> | ||
| <ProjectConfiguration Include="Release|Win32"> | ||
| <Configuration>Release</Configuration> | ||
| <Platform>Win32</Platform> | ||
| </ProjectConfiguration> | ||
| <ProjectConfiguration Include="Release|x64"> | ||
| <Configuration>Release</Configuration> | ||
| <Platform>x64</Platform> | ||
| </ProjectConfiguration> | ||
| </ItemGroup> | ||
| <PropertyGroup Label="Globals"> | ||
| <ProjectGuid>{D6194E14-75CE-456F-8771-2C7EF4455384}</ProjectGuid> | ||
| <Keyword>Win32Proj</Keyword> | ||
| <RootNamespace>ExploitDemos</RootNamespace> | ||
| </PropertyGroup> | ||
| <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" /> | ||
| <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration"> | ||
| <ConfigurationType>Application</ConfigurationType> | ||
| <UseDebugLibraries>true</UseDebugLibraries> | ||
| <PlatformToolset>v120</PlatformToolset> | ||
| <CharacterSet>Unicode</CharacterSet> | ||
| </PropertyGroup> | ||
| <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration"> | ||
| <ConfigurationType>Application</ConfigurationType> | ||
| <UseDebugLibraries>true</UseDebugLibraries> | ||
| <PlatformToolset>v120</PlatformToolset> | ||
| <CharacterSet>Unicode</CharacterSet> | ||
| </PropertyGroup> | ||
| <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration"> | ||
| <ConfigurationType>Application</ConfigurationType> | ||
| <UseDebugLibraries>false</UseDebugLibraries> | ||
| <PlatformToolset>v120</PlatformToolset> | ||
| <WholeProgramOptimization>true</WholeProgramOptimization> | ||
| <CharacterSet>Unicode</CharacterSet> | ||
| </PropertyGroup> | ||
| <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration"> | ||
| <ConfigurationType>Application</ConfigurationType> | ||
| <UseDebugLibraries>false</UseDebugLibraries> | ||
| <PlatformToolset>v120</PlatformToolset> | ||
| <WholeProgramOptimization>true</WholeProgramOptimization> | ||
| <CharacterSet>Unicode</CharacterSet> | ||
| </PropertyGroup> | ||
| <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" /> | ||
| <ImportGroup Label="ExtensionSettings"> | ||
| </ImportGroup> | ||
| <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"> | ||
| <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" /> | ||
| </ImportGroup> | ||
| <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets"> | ||
| <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" /> | ||
| </ImportGroup> | ||
| <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> | ||
| <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" /> | ||
| </ImportGroup> | ||
| <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets"> | ||
| <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" /> | ||
| </ImportGroup> | ||
| <PropertyGroup Label="UserMacros" /> | ||
| <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"> | ||
| <LinkIncremental>true</LinkIncremental> | ||
| </PropertyGroup> | ||
| <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> | ||
| <LinkIncremental>true</LinkIncremental> | ||
| </PropertyGroup> | ||
| <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> | ||
| <LinkIncremental>false</LinkIncremental> | ||
| </PropertyGroup> | ||
| <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> | ||
| <LinkIncremental>false</LinkIncremental> | ||
| </PropertyGroup> | ||
| <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"> | ||
| <ClCompile> | ||
| <PrecompiledHeader>Use</PrecompiledHeader> | ||
| <WarningLevel>Level3</WarningLevel> | ||
| <Optimization>Disabled</Optimization> | ||
| <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions> | ||
| <SDLCheck>true</SDLCheck> | ||
| </ClCompile> | ||
| <Link> | ||
| <SubSystem>Console</SubSystem> | ||
| <GenerateDebugInformation>true</GenerateDebugInformation> | ||
| </Link> | ||
| </ItemDefinitionGroup> | ||
| <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> | ||
| <ClCompile> | ||
| <PrecompiledHeader>Use</PrecompiledHeader> | ||
| <WarningLevel>Level3</WarningLevel> | ||
| <Optimization>Disabled</Optimization> | ||
| <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions> | ||
| <SDLCheck>true</SDLCheck> | ||
| </ClCompile> | ||
| <Link> | ||
| <SubSystem>Console</SubSystem> | ||
| <GenerateDebugInformation>true</GenerateDebugInformation> | ||
| </Link> | ||
| </ItemDefinitionGroup> | ||
| <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> | ||
| <ClCompile> | ||
| <WarningLevel>Level3</WarningLevel> | ||
| <PrecompiledHeader>Use</PrecompiledHeader> | ||
| <Optimization>MaxSpeed</Optimization> | ||
| <FunctionLevelLinking>true</FunctionLevelLinking> | ||
| <IntrinsicFunctions>true</IntrinsicFunctions> | ||
| <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions> | ||
| <SDLCheck>true</SDLCheck> | ||
| <ExceptionHandling>Sync</ExceptionHandling> | ||
| <CompileAs>Default</CompileAs> | ||
| <RuntimeLibrary>MultiThreaded</RuntimeLibrary> | ||
| </ClCompile> | ||
| <Link> | ||
| <SubSystem>Console</SubSystem> | ||
| <GenerateDebugInformation>true</GenerateDebugInformation> | ||
| <EnableCOMDATFolding>true</EnableCOMDATFolding> | ||
| <OptimizeReferences>true</OptimizeReferences> | ||
| </Link> | ||
| </ItemDefinitionGroup> | ||
| <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> | ||
| <ClCompile> | ||
| <WarningLevel>Level3</WarningLevel> | ||
| <PrecompiledHeader>Use</PrecompiledHeader> | ||
| <Optimization>MaxSpeed</Optimization> | ||
| <FunctionLevelLinking>true</FunctionLevelLinking> | ||
| <IntrinsicFunctions>true</IntrinsicFunctions> | ||
| <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions> | ||
| <SDLCheck>true</SDLCheck> | ||
| <ExceptionHandling>Sync</ExceptionHandling> | ||
| <CompileAs>CompileAsCpp</CompileAs> | ||
| <RuntimeLibrary>MultiThreaded</RuntimeLibrary> | ||
| </ClCompile> | ||
| <Link> | ||
| <SubSystem>Console</SubSystem> | ||
| <GenerateDebugInformation>true</GenerateDebugInformation> | ||
| <EnableCOMDATFolding>true</EnableCOMDATFolding> | ||
| <OptimizeReferences>true</OptimizeReferences> | ||
| </Link> | ||
| </ItemDefinitionGroup> | ||
| <ItemGroup> | ||
| <Text Include="ReadMe.txt" /> | ||
| </ItemGroup> | ||
| <ItemGroup> | ||
| <ClInclude Include="GenericAttacks.h" /> | ||
| <ClInclude Include="Helpers.h" /> | ||
| <ClInclude Include="KernelAddressLeak.h" /> | ||
| <ClInclude Include="PoolOverflow.h" /> | ||
| <ClInclude Include="stdafx.h" /> | ||
| <ClInclude Include="Structures.h" /> | ||
| <ClInclude Include="targetver.h" /> | ||
| </ItemGroup> | ||
| <ItemGroup> | ||
| <ClCompile Include="GenericAttacks.cpp" /> | ||
| <ClCompile Include="ExploitDemos.cpp" /> | ||
| <ClCompile Include="Helpers.cpp" /> | ||
| <ClCompile Include="KernelAddressLeak.cpp" /> | ||
| <ClCompile Include="PoolOverflow.cpp" /> | ||
| <ClCompile Include="stdafx.cpp"> | ||
| <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader> | ||
| <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader> | ||
| <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader> | ||
| <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader> | ||
| </ClCompile> | ||
| </ItemGroup> | ||
| <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" /> | ||
| <ImportGroup Label="ExtensionTargets"> | ||
| </ImportGroup> | ||
| </Project> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,69 @@ | ||
| <?xml version="1.0" encoding="utf-8"?> | ||
| <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> | ||
| <ItemGroup> | ||
| <Filter Include="Source Files"> | ||
| <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier> | ||
| <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions> | ||
| </Filter> | ||
| <Filter Include="Header Files"> | ||
| <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier> | ||
| <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions> | ||
| </Filter> | ||
| <Filter Include="Resource Files"> | ||
| <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier> | ||
| <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions> | ||
| </Filter> | ||
| <Filter Include="Header Files\AttackIOCTL"> | ||
| <UniqueIdentifier>{dd2c5aff-a33c-4e30-9142-482508ddec08}</UniqueIdentifier> | ||
| </Filter> | ||
| <Filter Include="Source Files\AttackIOCTL"> | ||
| <UniqueIdentifier>{5b888192-e0eb-4efe-adf1-ef8a9fd888c4}</UniqueIdentifier> | ||
| </Filter> | ||
| </ItemGroup> | ||
| <ItemGroup> | ||
| <Text Include="ReadMe.txt" /> | ||
| </ItemGroup> | ||
| <ItemGroup> | ||
| <ClInclude Include="stdafx.h"> | ||
| <Filter>Header Files</Filter> | ||
| </ClInclude> | ||
| <ClInclude Include="targetver.h"> | ||
| <Filter>Header Files</Filter> | ||
| </ClInclude> | ||
| <ClInclude Include="KernelAddressLeak.h"> | ||
| <Filter>Header Files</Filter> | ||
| </ClInclude> | ||
| <ClInclude Include="GenericAttacks.h"> | ||
| <Filter>Header Files\AttackIOCTL</Filter> | ||
| </ClInclude> | ||
| <ClInclude Include="PoolOverflow.h"> | ||
| <Filter>Header Files\AttackIOCTL</Filter> | ||
| </ClInclude> | ||
| <ClInclude Include="Structures.h"> | ||
| <Filter>Header Files</Filter> | ||
| </ClInclude> | ||
| <ClInclude Include="Helpers.h"> | ||
| <Filter>Header Files</Filter> | ||
| </ClInclude> | ||
| </ItemGroup> | ||
| <ItemGroup> | ||
| <ClCompile Include="stdafx.cpp"> | ||
| <Filter>Source Files</Filter> | ||
| </ClCompile> | ||
| <ClCompile Include="ExploitDemos.cpp"> | ||
| <Filter>Source Files</Filter> | ||
| </ClCompile> | ||
| <ClCompile Include="KernelAddressLeak.cpp"> | ||
| <Filter>Source Files</Filter> | ||
| </ClCompile> | ||
| <ClCompile Include="GenericAttacks.cpp"> | ||
| <Filter>Source Files\AttackIOCTL</Filter> | ||
| </ClCompile> | ||
| <ClCompile Include="PoolOverflow.cpp"> | ||
| <Filter>Source Files\AttackIOCTL</Filter> | ||
| </ClCompile> | ||
| <ClCompile Include="Helpers.cpp"> | ||
| <Filter>Source Files</Filter> | ||
| </ClCompile> | ||
| </ItemGroup> | ||
| </Project> |
Oops, something went wrong.