[Dailydave] Exploit for NVidia nvvsvc.exe

Darren Martyn darren at insecurety.net
Tue Dec 25 15:28:27 EST 2012


Peter,
Interesting exploit, especially that it can be exploited remotely in
that context!

Now, my exploit writing skills are not great, but seeing as the code
is executed in the context of a local service, could one not use
shellcode such as a MOSDEF loader/stager or a Metasploit Meterpreter
stager and gain remote access under the context of the local service
(which, unless I am mistaken, runs with SYSTEM privs? Looking to test
it later as I have a vuln laptop!). This would obviate the need to
(for remote exploitation) run psexec with the new creds.
Or am I an idiot (whose mind may be slowed down a little by the food
and drink :3 )

Best regards, and seasons greetings to all :)

- Darren Martyn

On 25/12/12 16:36, Peter WS wrote:
> Dear list,
> 
> I've written an exploit for an interesting bug which I found a day
> or so ago, and thought I'd share it with you.
> 
> http://pastebin.com/QP7eZaJt
> 
> Hope you enjoy! -Peter


-- 
Insecurety Research - http://insecurety.net