PagedPoolSession challenge #52

Open
w4fz5uck5 opened this issue Oct 22, 2022 · 1 comment

Comments

@w4fz5uck5
Contributor

Hi, I've been trying for a long time to solve the PagedPoolSession challenge, but I can't find a way to heap spray this vulnerability; also, there's actually no solution in the source-code exploit path. Please, can someone help me with a hint or explanation about how we can perform this exploit? Thanks very much, and I loved all of the other challenges <3

@hacksysteam
Owner

Hi @w4fz5uck5

We used PagedPoolSession overflow in Windows 10 RS2-3 with Bitmap objects for arbitrary read-write. I'm not sure which objects can be used at the moment.

But if you are just looking for exercise, then install Windows 10 RS2 and read more about Bitmap and Palette objects.

https://www.coresecurity.com/core-labs/articles/abusing-gdi-for-ring0-exploit-primitives
