Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Exploiting System Mechanic Driver- 467

Voidsec, posted 4 years ago
  • The authors of this article had recently taken a course on Windows exploitation at NULLCon and set out to prove they had learned something from it. The final challenge was a poorly built driver to exploit.
  • The driver takes a kernel pointer and writes a value to that location. This was found through dumb fuzzing within seconds. Clearly, a pointer passed in directly by user mode should never be written to by the kernel.
  • The interesting thing is that the location is controllable but the value is not, making this a WRITE-WHERE primitive. By abusing this WRITE-WHERE primitive on the credential information (Present & Enabled), the process gains complete privileges.