Merge pull request SecWiki#14 from houjingyi233/master
ourren authored Jan 30, 2019
2 parents a4e729a + 8c3b8e2 commit 790cfe7
Showing 204 changed files with 3,925 additions and 2 deletions.
Binary file added CVE-2018-8453/4.mp4
Binary file not shown.
14 changes: 14 additions & 0 deletions CVE-2018-8453/README.md
@@ -0,0 +1,14 @@
# Privilege escalation

## Description

```
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
```

## Vulnerability reference

* [CVE-2018-8453](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8453)
* [https://github.com/ze0r/cve-2018-8453-exp](https://github.com/ze0r/cve-2018-8453-exp)
* [[上篇]从补丁diff到EXP--CVE-2018-8453漏洞分析与利用](https://mp.weixin.qq.com/s/ogKCo-Jp8vc7otXyu6fTig)
* [[下篇]从补丁diff到EXP--CVE-2018-8453漏洞分析与利用](https://mp.weixin.qq.com/s/dcbUeegM0BqErtDufOXfoQ)
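Review bot: The text under "## Description" is wrapped in a code fence, so it renders as one unwrapped monospace line and the long affected-version list is hard to scan; a plain paragraph with the versions as a bullet list would read better. The reference list links the CVE entry and exploit write-ups but no vendor advisory or fix information, so a reader cannot tell from this file which update closes the issue; add that link next to the CVE entry. The CVE link also uses http:// where the other references use https://.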
Binary file added CVE-2018-8453/exp-x86_pool_fengshui/1.jpg
Binary file added CVE-2018-8453/exp-x86_pool_fengshui/2.jpg
Binary file added CVE-2018-8453/exp-x86_pool_fengshui/3.jpg
Binary file added CVE-2018-8453/exp-x86_pool_fengshui/4.mp4
Binary file not shown.
13 changes: 13 additions & 0 deletions CVE-2018-8453/exp-x86_pool_fengshui/README.md
@@ -0,0 +1,13 @@
# cve-2018-8453-exp
cve-2018-8453 exp
本程序为cve-2018-8453的利用程序。
漏洞本身存在于win7及以后版本
但注意: 只有在win8.1及以后版本中才能利用!故本EXP只可用于WIN8.1及以后版本。

开发\测试平台:windows 10 rs2 15063
附: 使用Palette来读写内核

windows 2008 和 windows2012 x64位改版中。。


严重声明: 本工具仅用于技术研究学习。非法使用造成一切后果,均与本人无关。
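Review bot: This README says the bug is present on Windows 7 and later but applies in practice only to Windows 8.1 and later, while the top-level CVE-2018-8453/README.md lists Windows 7, Server 2008 and Server 2008 R2 as affected without that distinction; state the difference once in the top-level file so the two do not read as contradictory. The test-platform line gives "windows 10 rs2 15063" but not the architecture, which only the directory name exp-x86_pool_fengshui implies, and the "windows 2008 和 windows2012 x64" line describes unfinished work that is better tracked as an issue than in the README. The file is also Chinese-only under an English top-level README.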
Binary file not shown.
Binary file not shown.
Binary file not shown.
28 changes: 28 additions & 0 deletions CVE-2018-8453/exp-x86_pool_fengshui/cve8453-GUI/cve8453.sln
@@ -0,0 +1,28 @@

Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio 14
VisualStudioVersion = 14.0.25420.1
MinimumVisualStudioVersion = 10.0.40219.1
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "cve8453", "cve8453\cve8453.vcxproj", "{9EAE33EA-0B19-4794-B231-0D53D802B882}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|x64 = Debug|x64
Debug|x86 = Debug|x86
Release|x64 = Release|x64
Release|x86 = Release|x86
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{9EAE33EA-0B19-4794-B231-0D53D802B882}.Debug|x64.ActiveCfg = Debug|x64
{9EAE33EA-0B19-4794-B231-0D53D802B882}.Debug|x64.Build.0 = Debug|x64
{9EAE33EA-0B19-4794-B231-0D53D802B882}.Debug|x86.ActiveCfg = Debug|Win32
{9EAE33EA-0B19-4794-B231-0D53D802B882}.Debug|x86.Build.0 = Debug|Win32
{9EAE33EA-0B19-4794-B231-0D53D802B882}.Release|x64.ActiveCfg = Release|x64
{9EAE33EA-0B19-4794-B231-0D53D802B882}.Release|x64.Build.0 = Release|x64
{9EAE33EA-0B19-4794-B231-0D53D802B882}.Release|x86.ActiveCfg = Release|Win32
{9EAE33EA-0B19-4794-B231-0D53D802B882}.Release|x86.Build.0 = Release|Win32
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
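Review bot: The solution declares Debug|x64 and Release|x64 configurations, yet it sits under exp-x86_pool_fengshui and the README in that directory describes x64 support as still in progress. Either drop the x64 entries from SolutionConfigurationPlatforms and ProjectConfigurationPlatforms or document that they are untested, so nobody assumes the x64 build is supported.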
@@ -0,0 +1,4 @@
 stdafx.cpp
cve8453.cpp
cve8453.vcxproj -> c:\users\ze0r\desktop\cve8453\Debug\cve8453.exe
cve8453.vcxproj -> c:\users\ze0r\desktop\cve8453\Debug\cve8453.pdb (Full PDB)
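Review bot: This file is a compiler build log, and its last two lines embed the author's local path (c:\users\ze0r\desktop\cve8453\Debug\...). Generated logs do not belong in the tree: remove the Debug and Release intermediates from the commit and add a .gitignore covering *.log, *.tlog, *.obj, *.pch and *.pdb.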
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@@ -0,0 +1,2 @@
#TargetFrameworkVersion=v4.0:PlatformToolSet=v140:EnableManagedIncrementalBuild=false:VCToolArchitecture=Native32Bit:WindowsTargetPlatformVersion=8.1
Debug|Win32|c:\users\ze0r\desktop\cve8453\|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
45 changes: 45 additions & 0 deletions CVE-2018-8453/exp-x86_pool_fengshui/cve8453-GUI/cve8453/ReadMe.txt
@@ -0,0 +1,45 @@
========================================================================
WIN32 应用程序:cve8453 项目概述
========================================================================

应用程序向导已为您创建了此 cve8453 应用程序。

本文件概要介绍组成 cve8453 应用程序的每个文件的内容。


cve8453.vcxproj
这是使用应用程序向导生成的 VC++ 项目的主项目文件,其中包含生成该文件的 Visual C++ 的版本信息,以及有关使用应用程序向导选择的平台、配置和项目功能的信息。

cve8453.vcxproj.filters
这是使用“应用程序向导”生成的 VC++ 项目筛选器文件。它包含有关项目文件与筛选器之间的关联信息。在 IDE 中,通过这种关联,在特定节点下以分组形式显示具有相似扩展名的文件。例如,“.cpp”文件与“源文件”筛选器关联。

cve8453.cpp
这是主应用程序源文件。

/////////////////////////////////////////////////////////////////////////////
应用程序向导创建了下列资源:

cve8453.rc
这是程序使用的所有 Microsoft Windows 资源的列表。它包括 RES 子目录中存储的图标、位图和光标。此文件可以直接在 Microsoft Visual C++ 中进行编辑。

Resource.h
这是标准头文件,可用于定义新的资源 ID。Microsoft Visual C++ 将读取并更新此文件。

cve8453.ico
这是用作应用程序图标 (32x32) 的图标文件。此图标包括在主资源文件 cve8453.rc 中。

small.ico
这是一个图标文件,其中包含应用程序的图标的较小版本 (16x16)。此图标包括在主资源文件 cve8453.rc 中。

/////////////////////////////////////////////////////////////////////////////
其他标准文件:

StdAfx.h, StdAfx.cpp
这些文件用于生成名为 cve8453.pch 的预编译头 (PCH) 文件和名为 StdAfx.obj 的预编译类型文件。

/////////////////////////////////////////////////////////////////////////////
其他注释:

应用程序向导使用“TODO:”注释来指示应添加或自定义的源代码部分。

/////////////////////////////////////////////////////////////////////////////
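Review bot: ReadMe.txt is the unmodified Visual Studio application-wizard text; it describes the generated files (cve8453.vcxproj, cve8453.rc, StdAfx.h) and says nothing about what the program does, how it is built, or which systems it was tested on. Delete it, or replace it with build and test-environment notes, since the parent directory already carries a README.md.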
@@ -0,0 +1,18 @@
c:\users\ze0r\desktop\cve8453\cve8453\release\cve8453.pch
c:\users\ze0r\desktop\cve8453\cve8453\release\vc140.pdb
c:\users\ze0r\desktop\cve8453\cve8453\release\stdafx.obj
c:\users\ze0r\desktop\cve8453\cve8453\release\cve8453.obj
c:\users\ze0r\desktop\cve8453\release\cve8453.exe
c:\users\ze0r\desktop\cve8453\release\cve8453.ipdb
c:\users\ze0r\desktop\cve8453\release\cve8453.iobj
c:\users\ze0r\desktop\cve8453\release\cve8453.pdb
c:\users\ze0r\desktop\cve8453\cve8453\release\cve8453.res
c:\users\ze0r\desktop\cve8453\cve8453\release\cve8453.tlog\cl.command.1.tlog
c:\users\ze0r\desktop\cve8453\cve8453\release\cve8453.tlog\cl.read.1.tlog
c:\users\ze0r\desktop\cve8453\cve8453\release\cve8453.tlog\cl.write.1.tlog
c:\users\ze0r\desktop\cve8453\cve8453\release\cve8453.tlog\link.command.1.tlog
c:\users\ze0r\desktop\cve8453\cve8453\release\cve8453.tlog\link.read.1.tlog
c:\users\ze0r\desktop\cve8453\cve8453\release\cve8453.tlog\link.write.1.tlog
c:\users\ze0r\desktop\cve8453\cve8453\release\cve8453.tlog\rc.command.1.tlog
c:\users\ze0r\desktop\cve8453\cve8453\release\cve8453.tlog\rc.read.1.tlog
c:\users\ze0r\desktop\cve8453\cve8453\release\cve8453.tlog\rc.write.1.tlog
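Review bot: Every entry here is an absolute path to a build product on the author's machine (release\cve8453.exe, cve8453.pdb, .obj, .tlog), and the neighbouring "Binary file not shown" entries suggest such outputs were committed along with this list. A prebuilt executable cannot be reviewed against cve8453.cpp, so anyone pulling the repository has to trust an opaque binary; commit source only, and if a binary must ship, publish its hash and the exact toolset used to build it.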
@@ -0,0 +1,8 @@
 cve8453.cpp
正在生成代码
1 of 123 functions ( 0.8%) were compiled, the rest were copied from previous compilation.
0 functions were new in current compilation
0 functions had inline decision re-evaluated but remain unchanged
已完成代码的生成
cve8453.vcxproj -> C:\Users\ze0r\Desktop\cve8453\Release\cve8453.exe
cve8453.vcxproj -> C:\Users\ze0r\Desktop\cve8453\Release\cve8453.pdb (Full PDB)
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@@ -0,0 +1,2 @@
#TargetFrameworkVersion=v4.0:PlatformToolSet=v140:EnableManagedIncrementalBuild=false:VCToolArchitecture=Native32Bit:WindowsTargetPlatformVersion=8.1
Release|Win32|C:\Users\ze0r\Desktop\cve8453\|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
31 changes: 31 additions & 0 deletions CVE-2018-8453/exp-x86_pool_fengshui/cve8453-GUI/cve8453/Resource.h
@@ -0,0 +1,31 @@
//{{NO_DEPENDENCIES}}
// Microsoft Visual C++ generated include file.
// Used by cve8453.rc
//

#define IDS_APP_TITLE 103

#define IDR_MAINFRAME 128
#define IDD_CVE8453_DIALOG 102
#define IDD_ABOUTBOX 103
#define IDM_ABOUT 104
#define IDM_EXIT 105
#define IDI_CVE8453 107
#define IDI_SMALL 108
#define IDC_CVE8453 109
#define IDC_MYICON 2
#ifndef IDC_STATIC
#define IDC_STATIC -1
#endif
// жÔÏóµÄÏÂÒ»×éĬÈÏÖµ
//
#ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS

#define _APS_NO_MFC 130
#define _APS_NEXT_RESOURCE_VALUE 129
#define _APS_NEXT_COMMAND_VALUE 32771
#define _APS_NEXT_CONTROL_VALUE 1000
#define _APS_NEXT_SYMED_VALUE 110
#endif
#endif
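Review bot: The comment line directly above "#ifdef APSTUDIO_INVOKED" is mis-encoded, which means Resource.h was saved in a legacy code page rather than UTF-8. Re-save the file as UTF-8, or replace that comment with an ASCII one, so the header reads the same in every editor and diff tool.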
Binary file not shown.