Related vulnerability
Title:
Microsoft SMBv3 buffer error vulnerability
(CVE-2020-0796)
Description: Microsoft SMBv3 is supporting firmware from Microsoft (US) that provides SMB functionality for devices. A buffer error vulnerability exists in Microsoft Server Message Block 3.1.1 (SMBv3); it stems from the SMBv3 protocol entering an erroneous code path when processing a malicious compressed packet. A remote, unauthenticated attacker can exploit this vulnerability to execute arbitrary code in the application. The following products and versions are affected: Microsoft Windows 10 version 1903, Windows Server version 1903, Windows 10 version 1909, Windo
Introduction
# CVE-2020-0796: SMBGhost - Analysis and Ethical Exploitation
## Introduction
CVE-2020-0796, also known as "SMBGhost," is a critical security vulnerability affecting Microsoft Windows operating systems. It falls under the "wormable" category, meaning it can rapidly propagate across networked systems. This vulnerability resides in Microsoft's Server Message Block (SMB) protocol, which handles file and printer sharing. Exploiting it enables remote code execution on vulnerable servers, potentially leading to full system compromise.
## Quick Summary of Key Aspects
* **Vulnerability Name:** CVE-2020-0796, "SMBGhost," "EternalDarkness".
* **Vulnerability Type:** Remote Code Execution (RCE).
* **Affected Protocol:** Microsoft Server Message Block (SMBv3).
* **Impact:** Unauthorized access, data compromise, full system control.
* **Propagation:** "Wormable" category, meaning it can rapidly propagate across networked systems.
## Table of Contents
* [Technical Details](#technical-details)
* [Affected Systems](#affected-systems)
* [Existence in the Wild](#existence-in-the-wild)
* [Ethical Exploitation Plan](#ethical-exploitation-plan)
* [Mitigation](#mitigation)
* [References](#references)
## Technical Details
CVE-2020-0796 is a vulnerability in Microsoft's Server Message Block (SMB) protocol implementation. It is classified as a remote code execution vulnerability: a malicious actor can exploit it to execute code on a target system remotely, without authentication.
For a detailed breakdown, refer to [VULNERABILITY_DETAILS.md](VULNERABILITY_DETAILS.md).
## Affected Systems
This critical vulnerability affects the Microsoft Server Message Block (SMBv3) protocol in certain versions of Microsoft Windows operating systems.
The following versions are specifically affected:
* **Windows 10:**
  * 1903 for 32-bit Systems.
  * 1903 for 64-bit Systems.
  * 1903 for ARM64-based Systems.
  * 1909 for 32-bit Systems.
  * 1909 for 64-bit Systems.
  * 1909 for ARM64-based Systems.
* **Windows Server:**
  * Server 2013 for Server Core installation.
  * Server 2019 for Server Core installation.
## Existence in the Wild
Shodan provides data on internet-exposed systems that are affected by CVE-2020-0796. It returns approximately 193,665 results for this vulnerability, along with statistics on the exposed applications.
<img width="452" alt="image" src="https://github.com/user-attachments/assets/be185a1c-1bac-4527-aa99-532009c85a8b" />
## Ethical Exploitation Plan
The objective of this plan is to demonstrate the potential impact of CVE-2020-0796 on a vulnerable Windows system within a controlled and ethical environment. This demonstration aims to showcase the severity of the vulnerability for educational and research purposes.
For detailed steps on how to ethically exploit this vulnerability, refer to [ATTACK_PLAN.md](ATTACK_PLAN.md).
## Mitigation
To mitigate the risks associated with CVE-2020-0796, prompt application of Microsoft's security updates is essential. Proactive security measures and vigilant monitoring are crucial in today's digital landscape.
## Conclusion
CVE-2020-0796 is a critical vulnerability with the potential for rapid network propagation. Exploiting this flaw can lead to unauthorized access, full system compromise, and malware dissemination. This vulnerability highlights the ongoing importance of cybersecurity and the need for preventive actions to create a safer digital environment.
## References
Please refer to [REFERENCES.md](REFERENCES.md) for a comprehensive list of sources.
File snapshot
[4.0K] /data/pocs/26a5db612180541e57b3a177bfd1a5ea2bc7460b
├── [1.6K] ATTACK_PLAN.md
├── [4.0K] CVE_2020_0796-master
│   ├── [ 42K] CVE_2020_0796_Payload.py
│   ├── [4.0K] Offset
│   │   ├── [1.7K] offset.bat
│   │   └── [4.0K] tools
│   │       ├── [149K] cdb.exe
│   │       ├── [1.8M] dbghelp.dll
│   │       ├── [ 22K] dumpbin.exe
│   │       ├── [1.6M] link.exe
│   │       ├── [576K] msvcp140.dll
│   │       ├── [244K] symsrv.dll
│   │       ├── [255K] tbbmalloc.dll
│   │       ├── [ 43K] vcruntime140_1.dll
│   │       └── [ 98K] vcruntime140.dll
│   ├── [1.1K] Scanner.py
│   ├── [ 18K] smbghost_kshellcode_x64.asm
│   └── [4.0K] SystemCrashTest
│       └── [4.7K] Crash_Test.py
├── [4.5K] Exploitation.md
├── [3.5K] README.md
├── [ 882] REFERENCES.md
└── [2.7K] VULNERABILITY_DETAILS.md
4 directories, 19 files
Notes
1. It is recommended to access the PoC through its original source first.
2. If the source is unavailable or cannot be accessed, send an email to f.jinxu#gmail.com to request the local snapshot (replace # with @).
3. 神龙 has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.