Module for Razer Synapse (CVE-2017-9769) #8723
This PR adds a local privilege escalation module that exploits a currently unpatched vulnerability in Razer's Synapse application. The vulnerability exists within the rzpnk.sys driver where a specially crafted IOCTL can be used to open a handle to an arbitrary process with the necessary privileges to read, write, and allocate memory.
This vulnerability is identified by CVE-2017-9769.
The exploit module leverages the vulnerability to open a handle to the winlogon process which runs as NT_AUTHORITY\SYSTEM. The handle is then used to install a hook to execute the payload in a new thread. The hook can then be triggered on demand by the attacker with a call to
Example usage on Windows 10 x64:
Jul 17, 2017
The exploits/windows/local/razer_zwopenprocess module has been added to the framework. The module exploits a vulnerability within the rzpnk.sys driver, Razer Synapse, where a specially crafted IOCTL can be used to open a handle to an arbitrary process with the necessary privileges to read, write, and allocate memory. In order for the issued IOCTL to work, the RazerIngameEngine.exe process must not be running. This exploit will check if it is, and attempt to kill it as necessary. This exploit is not opsec-safe due to the user being logged out as part of the exploitation process.