hacksysteam / HackSysExtremeVulnerableDriver

HackSys Extreme Vulnerable Driver (HEVD) - Windows & Linux
https://hacksys.io
GNU General Public License v3.0

question about vulnerabilities #41

Closed ghost closed 3 years ago

ghost commented 3 years ago

I would like to know if all the implemented vulnerabilities apply to remote code execution (RCE)?

hacksysteam commented 3 years ago

Hi @KevinF4

Vulnerabilities Implemented

All of these vulnerabilities are used for Local Privilege Escalation.

ghost commented 3 years ago

Hi @KevinF4

Vulnerabilities Implemented

  • Write NULL
  • Double Fetch
  • Buffer Overflow

    • Stack
    • Stack GS
    • NonPagedPool
    • NonPagedPoolNx
    • PagedPoolSession
  • Use After Free

    • NonPagedPool
    • NonPagedPoolNx
  • Type Confusion
  • Integer Overflow

    • Arithmetic Overflow
  • Memory Disclosure

    • NonPagedPool
    • NonPagedPoolNx
  • Arbitrary Overwrite
  • Null Pointer Dereference
  • Uninitialized Memory

    • Stack
    • NonPagedPool
  • Insecure Kernel Resource Access

All of these vulnerabilities are used for Local Privilege Escalation.

and for remote code execution, does the team plan to add in the future?

hacksysteam commented 3 years ago

@KevinF4 RCE and LPE are not different from each other. It's just that RCE is mostly used for user mode and LPE for kernel mode. However, to achieve LPE you first need to achieve RCE in kernel mode.

Are you looking for user mode exploitation? Can you also explain your context so that I can try to help better.

ghost commented 3 years ago

@KevinF4 RCE and LPE are not different from each other. It's just that RCE is mostly used for user mode and LPE for kernel mode. However, to achieve LPE you first need to achieve RCE in kernel mode.

Are you looking for user mode exploitation? Can you also explain your context so that I can try to help better.

Explain to me, for example: EternalBlue gets an RCE in a Microsoft kernel-mode driver, right? Can I also get an RCE equal to EternalBlue in this driver full of vulnerabilities? How would I do this? I'm a little confused.

hacksysteam commented 3 years ago

Ah! Now, I got what you mean. Currently, HEVD does not implement any vulnerabilities that can be triggered remotely. Currently, all the vulnerabilities are local vulnerabilities, meaning, you need code execution first before you use any bugs from HEVD.

hacksysteam commented 3 years ago

@KevinF4 can we close this issue?

ghost commented 3 years ago

@KevinF4 can we close this issue?

Sure, thank you.