Skip to content

Latest commit

 

History

History
 
 

MS13-005

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 

MS13-005

Due to a problem with isolating window broadcast messages in the Windows kernel,
an attacker can broadcast commands from a lower Integrity Level process to a higher Integrity Level process, 
thereby effecting a privilege escalation. 
This issue affects Windows Vista, 7, 8, Server 2008, Server 2008 R2, Server 2012, and RT. 
Note that spawning a command prompt with the shortcut key combination Win+Shift+# does not work in Vista, 
so the attacker will have to check if the user is already running a command prompt and set SPAWN_PROMPT false. 
Three exploit techniques are available with this module. 
The WEB technique will execute a powershell encoded payload from a Web location. 
The FILE technique will drop an executable to the file system, 
set it to medium integrity and execute it. 
The TYPE technique will attempt to execute a powershell encoded payload directly from the command line, 
but may take some time to complete.

Vulnerability reference:

load the module within the msf

msf > use exploit/windows/local/ms13_005_hwnd_broadcast
msf exploit(ms13_005_hwnd_broadcast) > show targets
    ...targets...
msf exploit(ms13_005_hwnd_broadcast) > set TARGET <target-id>
msf exploit(ms13_005_hwnd_broadcast) > show options
    ...show and set options...
msf exploit(ms13_005_hwnd_broadcast) > exploit

Links