can1357 / CVE-2018-8897

Arbitrary code execution with kernel privileges using CVE-2018-8897.
https://blog.can.ac/2018/05/11/arbitrary-code-execution-at-ring-0-using-cve-2018-8897/
BSD 3-Clause "New" or "Revised" License

some problem about exploit #7

Open sebastian1428 opened 6 years ago

sebastian1428 commented 6 years ago

Hi, can1357! First, thank you very much for providing the exploit for CVE-2018-8897. I tried to test your exploit on several OSes, including Win 7, 2008 R2 and Win 10, but all of them failed (I tested on physical machines). I don't know where the problem is... As shown below (Win 10 (10.0.10240)): [screenshot: win10]

When I press any key, the computer goes down; the BSOD code is KMODE_EXCEPTION_NOT_HANDLED. I used VS2012 to compile the file. I want to know what went wrong, and which OS you tested on. I'd appreciate a response.

can1357 commented 6 years ago

Hi Sebastian, I tested and developed the exploit on Windows 10. As for your issue, could you check the .dmp file?

sebastian1428 commented 6 years ago

Thank you for your reply. I tried to find where the problem is, so I used another computer to debug the target computer. I set up KDNET network kernel debugging (https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/setting-up-a-network-debugging-connection). When I press any key, WinDbg shows what is in the screenshots below. Then I enter "g" twice in WinDbg; the exploit reports success, but when I press any key again and run whoami, it has not escalated privileges. In addition, when I close this window, WinDbg shows some information. I tried to check the .dmp file (I am not good at it) and ran into a problem: WinDbg can't analyze a "Small memory dump", but it can analyze a "Full memory dump". I am trying to solve this problem. I would appreciate your reply. [screenshots 1-4]

can1357 commented 6 years ago

Hey, please change "Advanced System Settings -> Start-up and Recovery -> Write Debugging Information" to "Kernel memory dump" and then try to replicate the BSOD you were getting (KMODE_EXCEPTION_NOT_HANDLED) and upload the dump at %SystemRoot%\MEMORY.DMP or one of the minidumps if that's not possible.

Do not attach a debugger while doing this.
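One way to apply and verify the dump setting described above, as an added example that is not part of this issue or of the can1357 repository. It uses the documented CrashControl registry values (CrashDumpEnabled: 0 none, 1 complete, 2 kernel, 3 small/minidump, 7 automatic) and the `bcdedit` `debug` boot element. The 32 MB size sanity threshold and the function names are assumptions; run it from an elevated PowerShell, reboot, and only then reproduce the crash.

```powershell
# Added example (not from the issue thread or the repository): switch Windows to
# "Kernel memory dump", confirm kernel debugging is off, and after the crash
# check that MEMORY.DMP was actually written. Requires an elevated session; the
# CrashDumpEnabled change takes effect after a reboot.

$CrashControl = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'

# Documented CrashDumpEnabled values.
$DumpTypes = @{
    0 = 'None'
    1 = 'Complete memory dump'
    2 = 'Kernel memory dump'
    3 = 'Small memory dump (minidump)'
    7 = 'Automatic memory dump'
}

function Expand-IfSet([string]$Value) {
    if ([string]::IsNullOrEmpty($Value)) { return $null }
    [Environment]::ExpandEnvironmentVariables($Value)
}

function Get-CrashDumpConfig {
    $cc = Get-ItemProperty -Path $CrashControl
    [pscustomobject]@{
        CrashDumpEnabled = $cc.CrashDumpEnabled
        DumpType         = $DumpTypes[[int]$cc.CrashDumpEnabled]
        DumpFile         = Expand-IfSet $cc.DumpFile      # default %SystemRoot%\MEMORY.DMP
        MinidumpDir      = Expand-IfSet $cc.MinidumpDir   # default %SystemRoot%\Minidump
        AutoReboot       = $cc.AutoReboot
    }
}

Write-Host 'Current crash dump configuration:'
Get-CrashDumpConfig | Format-List

# "Write debugging information -> Kernel memory dump" is CrashDumpEnabled = 2.
Set-ItemProperty -Path $CrashControl -Name CrashDumpEnabled -Value 2 -Type DWord

# Reboot automatically after the bugcheck so the dump is flushed and the box comes back.
Set-ItemProperty -Path $CrashControl -Name AutoReboot -Value 1 -Type DWord

# The repro must run without a kernel debugger attached: with debugging enabled
# the bugcheck breaks into the debugger instead of going straight to the dump.
$debugLine = bcdedit /enum '{current}' | Select-String -Pattern '^\s*debug\s+'
if ($debugLine -and ($debugLine.Line -match 'Yes')) {
    Write-Warning 'Kernel debugging is enabled for the current boot entry; disable it with: bcdedit /debug off'
}

Write-Host 'New crash dump configuration (effective after reboot):'
Get-CrashDumpConfig | Format-List

# Run after the BSOD and reboot: was a kernel dump written, and is it plausibly complete?
function Test-KernelDumpPresent {
    $cfg = Get-CrashDumpConfig
    if (-not $cfg.DumpFile -or -not (Test-Path $cfg.DumpFile)) {
        Write-Warning "No dump at '$($cfg.DumpFile)'. The system drive's page file must be large enough to hold kernel memory, or configure a DedicatedDumpFile under CrashControl."
        return $false
    }
    $item = Get-Item $cfg.DumpFile
    $mb   = [math]::Round($item.Length / 1MB)
    # A kernel dump contains all of kernel memory; a few MB points to a minidump or a
    # truncated write. 32 MB is an assumed sanity threshold, not a Windows constant.
    if ($item.Length -lt 32MB) {
        Write-Warning "Dump at $($cfg.DumpFile) is only $mb MB; it may be a minidump or truncated."
        return $false
    }
    Write-Host "Kernel dump found: $($cfg.DumpFile) ($mb MB, written $($item.LastWriteTime))"
    return $true
}
```

After `Test-KernelDumpPresent` reports a dump, open it in WinDbg and run `!analyze -v`; if WinDbg rejects the file as corrupt, check that the reboot happened automatically (a machine that sits at 100% and is power-cycled by hand can leave a partially written MEMORY.DMP).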

sebastian1428 commented 5 years ago

Hi, can1357. Thank you very much for your reply!!! These days I installed Windows Server 2012 Standard on the physical machine for testing; the problems encountered are basically the same. In addition, WinDbg cannot analyze the generated dump file; it seems the dump file is damaged, as shown below. [screenshots: new bitmap image, new bitmap image 2] On the BSOD, the progress rises to 100% (the error code is KMODE_EXCEPTION_NOT_HANDLED) but it does not automatically shut down. If it did not generate a correct dump file, then WinDbg cannot analyze it. I uploaded the minidump 082918-9750-01.zip, and the kernel memory dump (44 MB) to MediaFire: http://www.mediafire.com/file/9qsyxs889qmb135/MEMORY.zip/file

Looking forward to your reply