Vendor: Windows 7
By: Andrei Vlad LUȚAȘ and Dan Horea LUȚAȘ
CVSS: 5.5 MEDIUM
SWAPGS attack
CWE: 119
Product Name: Windows 7
Affected Version From: Windows 7
Affected Version To: Windows 10
Patch Exists: YES
Related CWE: CVE-2019-1125
CPE: o:microsoft:windows_7
Metasploit:
https://www.rapid7.com/db/vulnerabilities/huawei-euleros-2_0_sp2-cve-2019-1125/, https://www.rapid7.com/db/vulnerabilities/amazon-linux-ami-2-cve-2019-1125/, https://www.rapid7.com/db/vulnerabilities/huawei-euleros-2_0_sp3-cve-2019-1125/, https://www.rapid7.com/db/vulnerabilities/redhat-openshift-cve-2019-1125/, https://www.rapid7.com/db/vulnerabilities/huawei-euleros-2_0_sp5-cve-2019-1125/, https://www.rapid7.com/db/vulnerabilities/oracle-solaris-cve-2019-1125/, https://www.rapid7.com/db/vulnerabilities/debian-cve-2019-1125/, https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2019-1125/, https://www.rapid7.com/db/vulnerabilities/oracle_linux-cve-2019-1125/, https://www.rapid7.com/db/vulnerabilities/redhat_linux-cve-2019-1125/, https://www.rapid7.com/db/vulnerabilities/suse-cve-2019-1125/, https://www.rapid7.com/db/vulnerabilities/f5-big-ip-cve-2019-1125/, https://www.rapid7.com/db/vulnerabilities/ubuntu-cve-2019-1125/, https://www.rapid7.com/db/vulnerabilities/msft-cve-2019-1125/, https://www.rapid7.com/db/vulnerabilities/amazon_linux-cve-2019-1125/
Other Scripts: N/A
Platforms Tested: Windows
2019
PoC for the SWAPGS attack
This holds the sources for the SWAPGS attack PoC shown publicly at Black Hat USA 2019. It includes leakgsbkva (variant 1: look for random values in kernel memory; limited to the PE kernel image header), leakgsbkvat (variant 2: extract random values from kernel memory; limited to the PE kernel image header), the whitepaper, and the Black Hat USA 2019 presentation.
Mitigation:
Install the latest security updates and patches.