Issue while kmdload on win7x64
TheHurryCane88 opened this issue · 3 comments
As the title says, the provided signatures are not working in my situation, where the victim computer runs Windows 7 Ultimate x64.
PCILeech could not detect the Kernel Module Signature in memory.
The attack was being performed through PCI Express using a Supported FPGA device.
Reads and Writes were fine, I could also dump memory.
Is this project still not actively supporting attacks with Win7 Machines as targets by default as per direct Request (referencing older issues)?
@TheHurryCane88 Windows 7 ought to work fine still. I haven't tested it in a while, but then again I haven't changed things recently and neither has Windows 7, so it should work fine.
Have you gotten it to work somehow? Maybe you'd have to use a memory map (if the target is an AMD system), either -memmap auto or even better a manual memory map: https://github.com/ufrisk/LeechCore/wiki/Device_FPGA_AMD_Thunderbolt
@ufrisk
My initial scope was to change the password on the victim machine through a cmd spawned on the attacking one, using the provided kernel modules from the pcileech binaries download.
Sadly, in the end I did not manage to have it working. The CPU mounted is an old i7 3rd gen, so I did not bother to run a memmap.
The only thing that worked properly was the sticky keys signature scan, which I then used to invoke cmd from the victim machine itself (props to both you and the community for having this feature implemented, it saved me in this case scenario).
I can have access to the machine to run further tests, if it is of any interest to you.
FPGA device is LeetDMA.
It's great to know the stickykeys signature worked fine.
I'll run some tests on my Windows 7 test box to verify. Thanks for reporting :)