05-15-2017, 20:11
H4vC
Excuse the double post, but as I see this becoming something I'll have to do a lot more, and I'm guessing others at exetools, while certainly more skilled than me, might run into this, I've written up a quick and easy way with handle inheritance.
Here's a source to a program that will steal handles from a privileged process and give them to your executable. (Compile as unsafe / 64-bit only at the moment.)
We're basically exploiting Windows handle inheritance behavior: if you can spawn a process from csrss, for example, and it has a 0x1fffff handle to your process, you'll get the same handle.
Attached Files
File Type: 7z HandleJack.7z (20.0 KB, 15 views)

Last edited by H4vC; 05-15-2017 at 20:51.