Scribd Logo
Upload

Welcome to Scribd!

  • Notas Exploit

    Uploaded by

    bacehew902
    12 views1 page
    The document discusses buffer overflows and modifying page table entries to achieve privilege escalation. It lists register values containing buffer addresses, describes adding values to create an overflow and modifying the no-execute bit. It identifies the location of the shared user data and an address where code could be placed to elevate privileges.

    Original Description:

    Copyright

    © © All Rights Reserved

    Available Formats

    TXT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document discusses buffer overflows and modifying page table entries to achieve privilege escalation. It lists register values containing buffer addresses, describes adding values to create an overflow and modifying the no-execute bit. It identifies the location of the shared user data and an address where code could be placed to elevate privileges.

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    12 views1 page

    Notas Exploit

    Uploaded by

    bacehew902
    The document discusses buffer overflows and modifying page table entries to achieve privilege escalation. It lists register values containing buffer addresses, describes adding values to create an overflow and modifying the no-execute bit. It identifies the location of the shared user data and an address where code could be placed to elevate privileges.

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 1

    RBX = 0xffffcc894fec7450 -> ffffcc89`4f76fd00 == BUFFER (0x4141414141414141)

    RCX = SIZE ENVIADO == 0x18


    RDI = 0xffffcc894fec7450 -> ffffcc89`4f76fd00 == BUFFER (0x4141414141414141)
    r8 == ffffb400`e0769730 == BUFFER (0x4141414141414141)
    r9 == 0xffffcc894f76fd00 == BUFFER (0x4141414141414141)

    0x4242424242424242
    +
    0x0000000043434343
    -------------------------------
    0x4242424285858585

    !pte 0xfffff78000000000+800

    ALTERAR BIT NX, PEGAR ENDEREÇO DA PAGE TABLE (PTE), ESCREVER EM _KUSER_SHARED_DATA,
    TRIGGAR O HALDISPATCH, EXECUTAR ELEVAÇÃO DE PRIVILEGIO.

    0xfffff78000000000 ==_KUSER_SHARED_DATA

    0xfffff78000000000+800 == CODE_CAVE

    You might also like