Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-34715 PoC — Microsoft Windows Network File System 安全漏洞

Source
https://github.com/Starssgo/CVE-2022-34715-POC
Associated Vulnerability
Title:Microsoft Windows Network File System 安全漏洞 (CVE-2022-34715)
Description:Microsoft Windows Network File System是美国微软(Microsoft)公司的一种文件共享解决方案,可让您使用 NFS 协议在运行 Windows Server 和 UNIX 操作系统的计算机之间传输文件。 Microsoft Windows Network File System存在安全漏洞。以下产品和版本受到影响:Windows Server 2022,Windows Server 2022 (Server Core installation)
Description
CVE-2022-34715-POC pcap
Readme
# CVE-2022-34715-POC
CVE-2022-34715-POC pcap  
nfssvr.sys version 10.0.20348.825
```
0: kd> r
rax=0000000080000001 rbx=0000000000000000 rcx=ffffde87fe461150
rdx=0000000000000000 rsi=fffff8040811aa50 rdi=0000000000000008
rip=fffff80408067dbb rsp=ffffb400eb3e2630 rbp=ffffb400eb3e26b9
 r8=0000001000000020  r9=ffff870fe95d40a4 r10=fffff80409b8cec0
r11=0000000000000381 r12=0000000080000001 r13=0000000000000002
r14=ffffde87fe461150 r15=fffff8040810d898
iopl=0         nv up ei pl nz na pe nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00040202
nfssvr!Nfs4SrvAclBuildWindowsAclsFromNfsAcl+0x39f:
fffff804`08067dbb e880f10900      call    nfssvr!memset (fffff804`08106f40)
0: kd> !pool rcx
Pool page ffffde87fe461150 region is Paged pool
 ffffde87fe461020 size:   30 previous size:    0  (Allocated)  CMNb
 ffffde87fe461050 size:   30 previous size:    0  (Allocated)  FLSk
 ffffde87fe461080 size:   30 previous size:    0  (Free)       Ntf0
 ffffde87fe4610b0 size:   30 previous size:    0  (Free)       SeUs
 ffffde87fe4610e0 size:   30 previous size:    0  (Allocated)  CMNb
 ffffde87fe461110 size:   30 previous size:    0  (Allocated)  Ntf0
*ffffde87fe461140 size:   30 previous size:    0  (Allocated) *TEMP
		Owning component : Unknown (update pooltag.txt)
1: kd> g
KDTARGET: Refreshing KD connection
.
.
.
nt!DbgBreakPointWithStatus:
fffff803`06c2f460 cc              int     3
1: kd> k
 # Child-SP          RetAddr               Call Site
00 ffffbf0f`b8e449e8 fffff803`06d643d2     nt!DbgBreakPointWithStatus
01 ffffbf0f`b8e449f0 fffff803`06d63c1d     nt!KiBugCheckDebugBreak+0x12
02 ffffbf0f`b8e44a50 fffff803`06c26ef7     nt!KeBugCheck2+0xa7d
03 ffffbf0f`b8e451b0 fffff803`06aea9a7     nt!KeBugCheckEx+0x107
04 ffffbf0f`b8e451f0 fffff803`06ac486e     nt!MiSystemFault+0xa77
05 ffffbf0f`b8e452f0 fffff803`06c359b5     nt!MmAccessFault+0x2ee
06 ffffbf0f`b8e45490 fffff803`04d270b5     nt!KiPageFault+0x335
07 ffffbf0f`b8e45620 fffff803`04c87dc0     nfssvr!_memset_repmovs+0x35
08 ffffbf0f`b8e45630 fffff803`04c7af07     nfssvr!Nfs4SrvAclBuildWindowsAclsFromNfsAcl+0x3a4
09 ffffbf0f`b8e45710 fffff803`04c7cd47     nfssvr!Nfs4SrvFhcpSet_fattr4_acl+0x37
0a ffffbf0f`b8e45750 fffff803`04c40fba     nfssvr!Nfs4SrvFhcSetAttributes+0x333
0b ffffbf0f`b8e45830 fffff803`04c29fac     nfssvr!Nfs4SrvOpSetAttr+0x36a
0c ffffbf0f`b8e458e0 fffff803`04c2a52e     nfssvr!Nfs4SrvCpProcessCompound+0x4cc
0d ffffbf0f`b8e45980 fffff803`04c2a755     nfssvr!Nfs4SrvInPacketInternal+0x262
0e ffffbf0f`b8e459f0 fffff803`04c2177f     nfssvr!Nfs4SrvDispatch+0x125
0f ffffbf0f`b8e45a30 fffff803`04c219e1     nfssvr!NfsSrvMessage+0x5b3
10 ffffbf0f`b8e45ad0 fffff803`0b5d5938     nfssvr!NfsSrvTcpMessage+0x11
11 ffffbf0f`b8e45b00 00000000`00000000     0xfffff803`0b5d5938
```
File Snapshot

 [4.0K]  /data/pocs/751f6d11ae11e230c155f8139dadc0b7fdd1dcd1
├── [4.5K]  CVE-2022-34715-poc.pcapng
└── [2.7K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.