CVE-2018-8897
some problem about exploit
Hi, can1357! First, thank you very much for providing the exp of CVE-2018-8897. Then, I tried to test your exp on some OSes, including Win 7, 2008 R2, and Win 10, but all of these failed (I tested it on physical machines).
I don't know where the problem is...
As shown below (Win 10 (10.0.10240)):
When I press any key, the computer goes down; the BSOD code was KMODE_EXCEPTION_NOT_HANDLED. I used VS2012 to compile the file. I want to know what went wrong, and which OS you are testing on. I appreciate the response.
Hi Sebastian, I tested and developed the exploit on Windows 10. As for your issue, could you check the .dmp file?
Thank you for your reply.
I tried to find where the problem is, so I used another computer to debug the target computer. I set up KDNET network kernel debugging (https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/setting-up-a-network-debugging-connection).
When I press any key, WinDbg is as shown below. Then I enter “g” twice in WinDbg, and the exp shows exploit successful, but when I press any key again and enter whoami, it can't perform privilege escalation successfully.
In addition, when I close this window, WinDbg shows some information.
I tried to check the .dmp file (I am not good at it) and I encountered some problems (WinDbg can't analyze “Small memory dump” and can analyze “Full memory dump”). I am trying to solve this problem.
I would appreciate your precious reply.
Hey, please change "Advanced System Settings -> Start-up and Recovery -> Write Debugging Information" to "Kernel memory dump" and then try to replicate the BSOD you were getting (KMODE_EXCEPTION_NOT_HANDLED) and upload the dump at %SystemRoot%\MEMORY.DMP or one of the minidumps if that's not possible.
Do not attach a debugger while doing this.
Hi, can1357. Thank you very much for your reply!!!
These days, I installed the OS 2012 Standard version on a physical machine for testing. The problems encountered are basically the same. In addition, WinDbg cannot analyze the generated dump file; it seems that the dump file is damaged, as shown below.
In the BSOD, the progress rises to 100% (the error code is KMODE_EXCEPTION_NOT_HANDLED) but it will not automatically shut down. If it did not generate the correct dump file, WinDbg cannot analyze it.
I uploaded the minidumps:
082918-9750-01.zip
Kernel memory dump (44 MB): I uploaded it to Mediafire.
http://www.mediafire.com/file/9qsyxs889qmb135/MEMORY.zip/file
Looking forward to your reply.