ufrisk / pcileech

Direct Memory Access (DMA) Attack Software
GNU Affero General Public License v3.0

Issue while kmdload on win7x64 #284

Closed TheHurryCane88 closed 5 months ago

TheHurryCane88 commented 6 months ago

As the title says, the provided signatures are not working in my situation, where the victim computer runs Windows 7 Ultimate x64. PCILeech could not detect the kernel module signature in memory. The attack was being performed through PCI Express using a supported FPGA device. Reads and writes were fine; I could also dump memory. Is this project still not actively supporting attacks with Win7 machines as targets by default, as per direct request (referencing older issues)?

ufrisk commented 6 months ago

@TheHurryCane88 Windows 7 ought to work fine still. I haven't tested it in a while, but then again I haven't changed things recently and neither has Windows 7, so it should work fine.

Have you gotten it to work somehow? Maybe you'd have to use a memory map (if the target is an AMD system), either -memmap auto or, even better, a manual memory map: https://github.com/ufrisk/LeechCore/wiki/Device_FPGA_AMD_Thunderbolt

TheHurryCane88 commented 6 months ago

@ufrisk My initial scope was to change the password on the victim machine through a cmd spawned on the attacking one, using the provided kernel modules from the PCILeech binaries download. Sadly, in the end I did not manage to get it working. The CPU mounted is an old i7 3rd gen, so I did not bother to run a memmap. The only thing that worked properly was the sticky keys signature scan, which I then used to invoke cmd from the victim machine itself (props to both you and the community for having this feature implemented; it saved me in this scenario). I can have access to the machine to run further tests, if it is of any interest to you. The FPGA device is a LeetDMA.
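An added illustration of what a signature scan over DMA-read memory does and why it can come back empty, written for this thread and not taken from PCILeech (whose real signature format, with page-relative offsets and patch data, is richer than this toy model). The two signatures and the eight-page "memory image" below are constructed, not captured from a target; the point is that a single changed byte in a target build is enough for a scan to report nothing, that an unreadable page is skipped rather than aborting the scan, and that a memory map only removes pages from the scan rather than changing what matches:

```python
from typing import Callable, Dict, List, Optional, Sequence, Tuple

PAGE_SIZE = 0x1000

# A signature is a list of byte values; None marks a wildcard ("??").
Signature = List[Optional[int]]


def parse_signature(text: str) -> Signature:
    """Parse a textual pattern such as '48 8b 05 ?? ?? ?? ?? 48 85 c0'."""
    sig: Signature = [None if tok == "??" else int(tok, 16) for tok in text.split()]
    if not sig or all(b is None for b in sig):
        raise ValueError("signature needs at least one fixed byte")
    return sig


def match_at(buf: bytes, off: int, sig: Signature) -> bool:
    """True if sig matches buf at offset off (wildcards match any byte)."""
    if off + len(sig) > len(buf):
        return False
    return all(b is None or buf[off + i] == b for i, b in enumerate(sig))


def scan_memory(read_page: Callable[[int], Optional[bytes]],
                mem_size: int,
                sig: Signature,
                memmap: Optional[Sequence[Tuple[int, int]]] = None) -> List[int]:
    """Scan physical memory one page at a time and return all match addresses.

    read_page(pa) returns the page at physical address pa, or None when the
    DMA read failed.  memmap, when given, lists (start, end) ranges that are
    safe to read; pages outside it are never touched, which is the job a
    memory map does on targets where reading reserved ranges fails or hangs.
    A match must lie inside one page; this toy does not join adjacent pages.
    """
    hits: List[int] = []
    for pa in range(0, mem_size, PAGE_SIZE):
        if memmap is not None and not any(lo <= pa < hi for lo, hi in memmap):
            continue
        page = read_page(pa)
        if page is None:          # unreadable page: skip it, do not abort the scan
            continue
        for off in range(len(page) - len(sig) + 1):
            if match_at(page, off, sig):
                hits.append(pa + off)
    return hits


# ---- Constructed test image (made-up bytes, not a real memory dump) -------

# Two hypothetical signatures for "the same" code location in two different
# builds: build B uses another register, so two fixed bytes differ.
SIG_BUILD_A = "48 8b 05 ?? ?? ?? ?? 48 85 c0 74 ??"
SIG_BUILD_B = "48 8b 0d ?? ?? ?? ?? 48 85 c9 74 ??"

MEM_SIZE = 8 * PAGE_SIZE


def _page_with(code: bytes, off: int) -> bytes:
    page = bytearray(b"\x90" * PAGE_SIZE)   # NOP filler around the code bytes
    page[off:off + len(code)] = code
    return bytes(page)


IMAGE: Dict[int, Optional[bytes]] = {pa: bytes(PAGE_SIZE) for pa in range(0, MEM_SIZE, PAGE_SIZE)}
IMAGE[0x2000] = _page_with(bytes.fromhex("488b0d11223344" "4885c9" "7405"), 0x20)  # build B bytes
IMAGE[0x3000] = None                                                               # unreadable page
IMAGE[0x5000] = _page_with(bytes.fromhex("488b0501000000" "4885c0" "7410"), 0x10)  # build A bytes


def read_page(pa: int) -> Optional[bytes]:
    """Stand-in for a DMA page read against the constructed image."""
    return IMAGE.get(pa)


def locate(sig_text: str, memmap: Optional[Sequence[Tuple[int, int]]] = None) -> List[int]:
    """Scan the constructed image for a textual signature."""
    return scan_memory(read_page, MEM_SIZE, parse_signature(sig_text), memmap)


if __name__ == "__main__":
    for name, sig in (("build A", SIG_BUILD_A), ("build B", SIG_BUILD_B)):
        print(f"{name}: {[hex(a) for a in locate(sig)]}")
    print("build B, memmap 0-0x3000:", [hex(a) for a in locate(SIG_BUILD_B, [(0, 0x3000)])])
```

Run against the image, the build A signature finds exactly one hit and the build B signature finds a different one; restricting the memory map to the first three pages hides the build A location entirely, which is the same symptom as a signature that was written for another build.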

ufrisk commented 5 months ago

It's great to know the stickykeys signature worked fine.

I'll run some tests on my Windows 7 test box to verify. Thanks for reporting :)