Official Buff Discussion

@MTOTH said:

Rooted.

It is an easy box (a user shell can be reached within 5 minutes) and I wonder if someone could run the original PoC script without any modification. It took me half a day to recreate the exploit and figure out what I had to change. I’m not familiar with ROPs and eggs, not even BOFs. But the cleanest method for me was to rebuild the whole exploit from zero on a virtual machine. It was a nice way to learn what could be wrong and a nice practice.

Anyway, I have uploaded a working PoC that works on x64-based Windows 10 systems. Find it on GitHub.

The one I used worked just fine without modification, except for the payload of course. I’ll PM you a link to the one I used.