HackSysExtremeVulnerableDriver

PagedPoolSession challenge

Open w4fz5uck5 opened this issue 3 years ago • 1 comments

Hi, I've been trying for a long time to solve the PagedPoolSession challenge, but I can't find a way to heap spray this vulnerability; also, there's actually no solution in the source-code exploit path. Please, can someone help me with a hint or explanation of how we can perform this exploit? Thanks very much, and I loved all of the other challenges <3

w4fz5uck5, Oct 22 '22 17:10

Hi @w4fz5uck5

We used PagedPoolSession overflow in Windows 10 RS2-3 with Bitmap objects for arbitrary read-write. I'm not sure which objects can be used at the moment.

But if you are just looking for exercise, then install Windows 10 RS2 and read more about Bitmap and Palette objects.

https://www.coresecurity.com/core-labs/articles/abusing-gdi-for-ring0-exploit-primitives

hacksysteam, Oct 27 '22 05:10