Re: Exploit for NVidia nvvsvc.exe

[Darren Martyn <darren () insecurety net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Peter,
Interesting exploit, especially that it can be exploited remotely in
that context!

Now, my exploit writing skills are not great, but seeing as the code
is executed in the context of a local service, could one not use
shellcode such as a MOSDEF loader/stager or a Metasploit Meterpreter
stager and gain remote access under the context of the local service
(which, unless I am mistaken, runs with SYSTEM privs? Looking to test
it later as I have a vuln laptop!). This would obiviate the need to
(for remote exploitation) run psexec with the new creds.
Or am I an idiot (who'se mind may be slowed down a little by the food
and drink :3 )

Best regards, and seasons greetings to all :)

- - Darren Martyn

On 25/12/12 16:36, Peter WS wrote:
> Dear list,
>
> I've written an exploit for an interesting bug which I found a day
> or so ago, and thought I'd share it with you.
>
> http://pastebin.com/QP7eZaJt
>
> Hope you enjoy! -Peter
>
>
>
>
> _______________________________________________ Dailydave mailing
> list Dailydave () lists immunityinc com 
> https://lists.immunityinc.com/mailman/listinfo/dailydave


- -- 
Insecurety Research - http://insecurety.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJQ2gxrAAoJEEqUSoN8D1ViDYMH/iXJwNBdCGhO8jnCG7pz/wYi
HSXAJDS3NZBnb7B1mXj2X3XVVVq0IOHTXuJSPQHdYFGOnuC4fU9af8TbwuL8g0Uw
ModJ5KYkVUgkLlD8yuQq5gj3amKm1DtNlDuzEiycQaArueO7dp4EnQ3QJKyoKSDm
f5f/wmqLfUOX57cFEAaR4lE+tnttJ7S1yWtw741L1YIpywvZf/iK81ptuzho4j8s
yyNFsR5pmxTgkoSYHktMMucSrBR3TufZ4kzSlWnZnirY3u67CbqNeHGq6NRt4NUq
nZ/iMVUzCNWndD56IaRSVlNJBxbWZ4a8cxC8vuEcWdHJoHUY1r6Pr7S6Kf2geWY=
=lEpb
-----END PGP SIGNATURE-----
_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave