Windows x86 Privilege Escalation (Packet Storm)
The following mitigating factors may be helpful in your situation:

What is the scope of the vulnerability? This is an elevation of privilege vulnerability. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

What causes the vulnerability? The vulnerability is caused by the way the AFD driver validates input before passing it from user mode to the Windows kernel (see "What does the update do?" below). The AFD component provides the "ancillary function driver," which supports Windows Sockets applications and is contained in the afd.sys driver file. The Transport Driver Interface (TDI) defines a kernel-mode network interface that is exposed at the upper edge of all transport protocol stacks. The highest-level protocol driver in every such stack supports the TDI interface for still higher-level kernel-mode network clients.

What might an attacker use the vulnerability to do? An attacker who successfully exploited this vulnerability could take complete control of the affected system.

How could an attacker exploit the vulnerability? To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take complete control over the affected system.

What systems are primarily at risk from the vulnerability? Workstations and terminal servers are primarily at risk. Servers could be at more risk if administrators allow users to log on to servers and to run programs. However, best practices strongly discourage allowing this.

What does the update do? The update addresses this vulnerability by correcting the way that the AFD validates input before passing the input from user mode to the Windows kernel.

When this security bulletin was issued, had this vulnerability been publicly disclosed? Microsoft received information about this vulnerability through coordinated vulnerability disclosure.

When this security bulletin was issued, had Microsoft received any reports that this vulnerability was being exploited? Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers when this security bulletin was originally issued.
Manage the software and security updates you need to deploy to the servers, desktops, and mobile systems in your organization. Security updates are available from Microsoft Update and Windows Update.

Security updates are also available from the Microsoft Download Center. You can find them most easily by doing a keyword search for "security update". Finally, security updates can be downloaded from the Microsoft Update Catalog. The Microsoft Update Catalog provides a searchable catalog of content made available through Windows Update and Microsoft Update, including security updates, drivers, and service packs.

By searching using the security bulletin number (such as "MS"), you can add all of the applicable updates to your basket (including different languages for an update) and download them to the folder of your choosing. Microsoft provides detection and deployment guidance for security updates. This guidance contains recommendations and information that can help IT professionals understand how to use various tools for detection and deployment of security updates.

For more information, see the relevant Microsoft Knowledge Base article. Microsoft Baseline Security Analyzer (MBSA) allows administrators to scan local and remote systems for missing security updates as well as common security misconfigurations. Windows Server Update Services (WSUS) enables IT administrators to deploy the latest Microsoft product updates to computers that are running the Windows operating system. Note: Microsoft discontinued support for SMS 2. Customers are encouraged to upgrade to System Center Configuration Manager (see also Downloads for Systems Management Server). For more detailed information, see the Microsoft Knowledge Base article "Summary list of monthly detection and deployment guidance articles".
Updates often write to the same files and registry settings required for your applications to run. This can trigger incompatibilities and increase the time it takes to deploy security updates.
You can streamline testing and validating Windows updates against installed applications with the Update Compatibility Evaluator components included with the Application Compatibility Toolkit. The Application Compatibility Toolkit (ACT) contains the necessary tools and documentation to evaluate and mitigate application compatibility issues before deploying Microsoft Windows Vista, a Windows Update, a Microsoft Security Update, or a new version of Windows Internet Explorer in your environment.
For information about the specific security update for your affected software, click the appropriate link. The following table contains the security update information for this software. You can find additional information in the subsection Deployment Information in this section. When you install this security update, the installer checks whether one or more of the files that are being updated on your system have previously been updated by a Microsoft hotfix.

Security updates may not contain all variations of these files. For more information about this behavior, about the installer, and about the terminology that appears in this bulletin (such as "hotfix"), see the relevant Microsoft Knowledge Base articles. Note: you can combine these switches into one command.

For backward compatibility, the security update also supports the setup switches that the earlier version of the Setup program uses. For more information about the supported installation switches, see the relevant Microsoft Knowledge Base article. See the section Detection and Deployment Tools and Guidance, earlier in this bulletin, for more information.

Because there are several editions of Microsoft Windows, the following steps may be different on your system. If they are, see your product documentation to complete these steps. You may also be able to verify the files that this security update has installed by reviewing the registry keys listed in the Reference Table in this section.

These registry keys may not contain a complete list of installed files. Also, these registry keys may not be created correctly when an administrator or an OEM integrates or slipstreams this security update into the Windows installation source files.

Recently, the MS advisory caught our attention, as it afforded us the opportunity to play in the kernel and try to get a working privilege escalation exploit out of it.
After downloading the patch from the Microsoft website, we extracted it, decompiled the afd.sys driver, and diffed it against the unpatched version. The results of our diff showed that only the AfdJoinLeaf function was changed.

At this point, we have bypassed the necessary checks and have made it to the vulnerable code chunk. Now, by setting the size of the output buffer to 0, we can bypass the code that checks whether the output buffer is a writable address residing in user space. By circumventing this check, we are able to specify any kernel address we choose as the address of the output buffer.

One possible path is to craft the attack to reach the call to AfdRestartJoin in the basic block at F. In order to reach AfdRestartJoin, we once again need to take a couple of branches in the right direction, beginning with the branch at 0xDBD.

In the branch at 0xFEA, the socket state is checked. With the various checks successfully bypassed, we reach the AfdRestartJoin function.
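An added model of the check just described (not code from the advisory or from the write-up's authors): a minimal user-mode C stand-in for the AfdJoinLeaf output-buffer validation, showing why a zero-length output buffer lets a kernel address slip past the probe, beside a hardened version that probes unconditionally. The boundary constant, the request layout and all function names are assumptions made for the model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Assumed user/kernel boundary for the model (the role MmUserProbeAddress
 * plays on 32-bit Windows); addresses at or above it count as kernel memory. */
#define USER_SPACE_LIMIT 0x7FFF0000u

/* Assumed shape of a join request: the caller-supplied output buffer pointer
 * and the output length taken from the IOCTL. */
typedef struct {
    uintptr_t out_buf;
    uint32_t  out_len;
} join_request_t;

typedef enum { JL_OK, JL_REJECT_ADDRESS, JL_REJECT_LENGTH } jl_verdict_t;

bool is_kernel_address(uintptr_t addr) { return addr >= USER_SPACE_LIMIT; }

/* Stand-in for ProbeForWrite: the whole range must sit below the boundary. */
static bool probe_for_write(uintptr_t addr, uint32_t len) {
    return addr + len >= addr && addr + len <= USER_SPACE_LIMIT;
}

/* Vulnerable pattern: the probe runs only when out_len is non-zero, but the
 * driver later writes its result through out_buf regardless. A request with
 * out_len == 0 and a kernel out_buf therefore passes the check, and the later
 * write lands on the kernel address. written_to records where the write goes. */
jl_verdict_t vulnerable_join_leaf(const join_request_t *r, uintptr_t *written_to) {
    if (r->out_len != 0 && !probe_for_write(r->out_buf, r->out_len))
        return JL_REJECT_ADDRESS;
    *written_to = r->out_buf;
    return JL_OK;
}

/* Hardened pattern: reject buffers too small for the value that will be
 * written, then probe unconditionally for exactly that size. */
jl_verdict_t fixed_join_leaf(const join_request_t *r, uintptr_t *written_to) {
    if (r->out_len < sizeof(uint32_t))
        return JL_REJECT_LENGTH;
    if (!probe_for_write(r->out_buf, sizeof(uint32_t)))
        return JL_REJECT_ADDRESS;
    *written_to = r->out_buf;
    return JL_OK;
}
```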