daem0nc0re/HEVD-CSharpKernelPwn

CSharp Writeups for HackSys Extreme Vulnerable Driver

HackSys Extreme Vulnerable Driver Writeups with CSharp

My writeups for HackSys Extreme Vulnerable Driver. All writeups are written with CSharp (except for DLL). Tested on following OS:

• Windows 7 SP1 x86
• Windows 10 Version 1903 x64

Description

Windows 7 SP1 x86

To build codes, open HEVD_Win7x86.sln and run build. All codes are generated in bin folder under the home directory.

Project Name	Description
DoubleFetch	Writeup for Double Fetch vulnerability. Multiple CPU core required.
InjectLib	Sample DLL for Insecure Kernel Resource Access vulnerability. This DLL attempts to add hevdtest user with password Password123! and add hevdtest to Administrators group.
InsecureKernelResourceAccess	Writeup for Insecure Kernel Resource Access vulnerability. DLL for DLL Hijacking is required.
IntegerOverflow	Writeup for Integer Overflow vulnerablity.
NullPointerDereference	Writeup for Null Pointer Dereference vulnerablity.
PoolOverflow	Writeup for Pool Overflow vulnerablity.
StackOverflow	Writeup for Stack Overflow vulnerablity.
StackOverflowGS	Writeup for Stack Overflow vulnerablity with Stach Canary.
TypeConfusion	Writeup for Type Confusion vulnerablity.
UninitializedHeapVariable	Writeup for Uninitialized Heap Variable vulnerablity.
UninitializedStackVariable	Writeup for Uninitialized Stack Variable vulnerablity.
UseAfterFree	Writeup for Use-After-Free vulnerablity.
WriteNull	Writeup for Write NULL vulnerablity.
WriteWhatWhere	Writeup for Arbitrary Overwrite vulnerablity.
WriteWhatWhereGDI	Writeup for Arbitrary Overwrite vulnerablity with GDI memory leak.

Windows 10 Version 1903 x64

To build codes, open HEVD_Win10x64.sln and run build. All codes are generated in bin folder under the home directory.

Project Name	Description
ArbitraryIncrement	Writeup for Arbitrary Increment vulnerablity.
ArbitraryReadWrite	Writeup for Arbitrary Read and Write vulnerablity.
ArbitraryWrite	Writeup for Arbitrary Overwrite vulnerablity.
InjectLib	Sample DLL for Insecure Kernel Resource Access vulnerability. This DLL attempts to add hevdtest user with password Password123! and add hevdtest to Administrators group.
InsecureKernelResourceAccess	Writeup for Insecure Kernel Resource Access vulnerability. DLL for DLL Hijacking is required.

Acknowledgments

• HackSys Team (@HackSysTeam)
• b33f (@FuzzySec)