CVE-2020-10915 PoC — Veeam One Agent 代码问题漏洞

Source

https://github.com/Cinnamon1212/Modified-CVE-2020-10915-MsfModule

Associated Vulnerability

Title:Veeam One Agent 代码问题漏洞 (CVE-2020-10915)
Description:Veeam One Agent是瑞士Veeam公司的一套用于物理机和虚拟机的数据保护和灾难恢复解决方案。 Veeam One Agent 9.5.4.4587版本中的HandshakeResult方法存在代码问题漏洞，该漏洞源于程序没有正确验证用户提交的数据。攻击者可利用该漏洞执行任意代码。

Description

THIS IS NOT AN ORIGINAL EXPLOIT. THIS IS AN AUDITED VERSION FOR A THM BOX

Readme

# Modified-CVE-2020-10915-MsfModule
THIS IS NOT AN ORIGINAL EXPLOIT. THIS IS AN AUDITED VERSION FOR A THM BOX

Below are the links for the original, tryhackme box and my writeup for the box:

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/veeam_one_agent_deserialization.rb
https://tryhackme.com/room/set

File Snapshot


 [4.0K]  /data/pocs/001d6ec3e844e5a060ed81ed6c9d3a9b78bf4eb8
├── [ 347]  README.md
└── [6.0K]  veeam_one_agent_deserialization_SetExploit.rb

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!