Use the new style of Windows version detection for CVE-2022-3699 #18579

Merged


Contributor

@zeroSteiner zeroSteiner commented Nov 28, 2023

Use the new style of Windows version detection that was added in #17336. This will become more important once the Windows Meterpreter returns a more accurate string for the sysinfo OS field.

This will ensure that things continue to work accurately once rapid7/metasploit-payloads#687 is landed.

Verification

List the steps needed to make sure this thing works

  • Start msfconsole
  • Obtain a session on a Windows Server 2019 or Windows Server 2022 system
  • Set VERBOSE to True to see the output
  • Drop into a pry session
  • Run the target_compatible? method and see that it marks the target as compatible whether or not the system is actually vulnerable
msf6 exploit(windows/local/cve_2022_3699_lenovo_diagnostics_driver) > pry
[*] Starting Pry shell...
[*] You are in the "exploit/windows/local/cve_2022_3699_lenovo_diagnostics_driver" module object

[1] pry(#<Msf::Modules::Exploit__Windows__Local__Cve_2022_3699_lenovo_diagnostics_driver::MetasploitModule>)> target_compatible?

[*] Windows Build Number = 10.0.20348.0
=> true
[2] pry(#<Msf::Modules::Exploit__Windows__Local__Cve_2022_3699_lenovo_diagnostics_driver::MetasploitModule>)>

This will become more important once the Windows Meterpreter returns a
more accurate string for the sysinfo OS field.
@zeroSteiner zeroSteiner changed the title Use the new style of Windows version detection Use the new style of Windows version detection for CVE-2022-3699 Nov 28, 2023
@bwatters-r7 bwatters-r7 self-assigned this Nov 29, 2023
@bwatters-r7
Contributor

msf6 exploit(windows/local/cve_2022_3699_lenovo_diagnostics_driver) > set session 21
session => 21
msf6 exploit(windows/local/cve_2022_3699_lenovo_diagnostics_driver) > pry
[*] Starting Pry shell...
[*] You are in the "exploit/windows/local/cve_2022_3699_lenovo_diagnostics_driver" module object

[1] pry(#<Msf::Modules::Exploit__Windows__Local__Cve_2022_3699_lenovo_diagnostics_driver::MetasploitModule>)> target_compatible?

[*] Windows Build Number = 10.0.20348.0
=> true
[2] pry(#<Msf::Modules::Exploit__Windows__Local__Cve_2022_3699_lenovo_diagnostics_driver::MetasploitModule>)> exit

@bwatters-r7 bwatters-r7 merged commit 56da86f into rapid7:master Nov 29, 2023
34 checks passed
@bwatters-r7 bwatters-r7 added the rn-fix release notes fix label Nov 29, 2023
@bwatters-r7
Contributor

Release Notes

This converts the module to use the new style of Windows version detection that was added in #17336. This will become more important once the Windows Meterpreter returns a more accurate string for the sysinfo OS field.
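
The motivation given in this thread, that a compatibility check should keep working when the sysinfo OS string becomes more accurate, can be seen in a small stand-alone sketch. This is an added example, not code from Metasploit or from this PR; the OS strings, the supported build range and all method names are constructed for illustration.

```ruby
# Added example, not code from Metasploit or this PR.
# Every OS string, constant and method name below is constructed for illustration.

# The same host described by two hypothetical sysinfo formats: a coarse
# product label, and a more accurate product name.
OLD_STYLE = 'Windows 2016+ (10.0 Build 20348).'
NEW_STYLE = 'Windows Server 2022 (10.0 Build 20348).'

# Fragile: keys the decision on the product label embedded in the string,
# so it silently changes its answer when the label is reworded.
def name_based_match?(os_string)
  os_string.match?(/Windows 2016\+/)
end

# Robust: pull out "major.minor Build N" and treat it as a version.
# Returns nil when the string carries no build information.
def parse_build(os_string)
  m = os_string.match(/(\d+)\.(\d+) Build (\d+)/)
  m && Gem::Version.new("#{m[1]}.#{m[2]}.#{m[3]}")
end

# Hypothetical supported range: Server 2019 (17763) through Server 2022 (20348).
MIN_BUILD = Gem::Version.new('10.0.17763')
MAX_BUILD = Gem::Version.new('10.0.20348')

def build_based_match?(os_string)
  build = parse_build(os_string)
  return false if build.nil? # fail closed on unparseable input

  build.between?(MIN_BUILD, MAX_BUILD)
end

if __FILE__ == $PROGRAM_NAME
  [OLD_STYLE, NEW_STYLE].each do |s|
    puts format('%-42s name=%-5s build=%s', s, name_based_match?(s), build_based_match?(s))
  end
end
```

The name-based check flips from true to false between the two strings even though the host is unchanged, while the build-based check gives the same answer for both.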
