Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-28 15:41:34 +00:00
Code Issues Projects Releases Packages Wiki Activity

GitBook: [#3053] No subject

Browse source
This commit is contained in:
CPol 2022-03-13 15:41:22 +00:00 committed by gitbook-bot
parent 9027707da9
commit 3a14232f69
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
1 changed files with 5 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
windows/windows-local-privilege-escalation/leaked-handle-exploitation.md
View file

@ -55,15 +55,15 @@ int FindTarget(const char *procname) {
int Exploit(void) { int Exploit(void) {
STARTUPINFOA si; STARTUPINFOA si;
PROCESS_INFORMATION pi; PROCESS_INFORMATION pi;
int pid = 0; int pid = 0;
HANDLE hUserToken; HANDLE hUserToken;
HANDLE hUserProc; HANDLE hUserProc;
HANDLE hProc; HANDLE hProc;
// open a handle to itself (privileged process) - this gets leaked! // open a handle to itself (privileged process) - this gets leaked!
hProc = OpenProcess(PROCESS_ALL_ACCESS, TRUE, GetCurrentProcessId()); hProc = OpenProcess(PROCESS_ALL_ACCESS, TRUE, GetCurrentProcessId());
// get PID of user low privileged process // get PID of user low privileged process
if ( pid = FindTarget("explorer.exe") ) if ( pid = FindTarget("explorer.exe") )