what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 26 - 27 of 27

Files from Nils

Windows NTUserMessageCall Win32k Kernel Pool Overflow (Schlamperei)

Posted May 5, 2014

Authored by Nils, Jon | Site metasploit.com

A kernel pool overflow in Win32k which allows local privilege escalation. The kernel shellcode nulls the ACL for the winlogon.exe process (a SYSTEM process). This allows any unprivileged process to freely migrate to winlogon.exe, achieving privilege escalation. Used in pwn2own 2013 by MWR to break out of chrome's sandbox. NOTE: when you exit the meterpreter session, winlogon.exe is likely to crash.

tags | exploit, overflow, kernel, local, shellcode

advisories | CVE-2013-1300

SHA-256 | 029ce3aa761be432ed6f02ed2e5c43c401df5d87b251095db17f6f35430afe2d

Download | Favorite | View

Firefox onreadystatechange Event DocumentViewerImpl Use After Free

Posted Aug 8, 2013

Authored by webDEViL, sinn3r, juan vazquez, temp66, Nils | Site metasploit.com

This Metasploit module exploits a vulnerability found on Firefox 17.0.6, specifically an use after free of a DocumentViewerImpl object, triggered via an specially crafted web page using onreadystatechange events and the window.stop() API, as exploited in the wild on 2013 August to target Tor Browser users.

tags | exploit, web

advisories | CVE-2013-1690, OSVDB-94584

SHA-256 | e39e25d6845ff273ea20decb29f0fdfaca25648ab187f57278e8c2b631ce94c2

Download | Favorite | View