Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-0787 PoC — Microsoft Windows 安全漏洞

Source
https://github.com/yanghaoi/CVE-2020-0787
Associated Vulnerability
Title:Microsoft Windows 安全漏洞 (CVE-2020-0787)
Description:Microsoft Windows是美国微软(Microsoft)公司的一套个人设备使用的操作系统。 Microsoft Windows Background Intelligent Transfer Service (BITS) 存在安全漏洞,攻击者利用该漏洞可通过特殊设计的应用程序控制受影响的系统。
Description
CVE-2020-0787的简单回显
Readme

## CVE-2020-0787(named pipe)
It's Just A Demo,Do not use in real.

-Get result for Command execution(Use cmd /c):
`exp.exe "cmd /c whoami > \\\\.\\pipe\\showme " show`

-Run beacon.exe:
`exp.exe "C:/beacon.exe"`

![](https://cdn.jsdelivr.net/gh/yanghaoi/CVE-2020-0787@latest/index.gif)

## For CobaltStrike
It's better one than current project:
https://github.com/yanghaoi/ReflectiveDllSource/tree/master/CVE-2020-0787_CNA

## Reference 
Source from: https://github.com/cbwang505/CVE-2020-0787-EXP-ALL-WINDOWS-VERSION
File Snapshot

 [4.0K]  /data/pocs/ca40f53593e413c018c4f6bc8ffd5c724a53625c
├── [4.0K]  BitsArbitraryFileMove
│   ├── [ 19K]  BitsArbitraryFileMove.cpp
│   ├── [2.0K]  BitsArbitraryFileMove.h
│   ├── [8.2K]  BitsArbitraryFileMove.vcxproj
│   ├── [1.3K]  BitsArbitraryFileMove.vcxproj.filters
│   ├── [ 168]  BitsArbitraryFileMove.vcxproj.user
│   ├── [8.6K]  CBitsCom.cpp
│   └── [1.2K]  CBitsCom.h
├── [4.0K]  BitsArbitraryFileMoveExploit
│   ├── [ 27K]  BitsArbitraryFileMoveExploit.cpp
│   ├── [8.5K]  BitsArbitraryFileMoveExploit.vcxproj
│   ├── [1.1K]  BitsArbitraryFileMoveExploit.vcxproj.filters
│   ├── [ 839]  BitsArbitraryFileMoveExploit.vcxproj.user
│   └── [ 513]  resource.h
├── [2.9K]  BitsArbitraryFileMove.sln
├── [ 38K]  BitsArbitraryFileMove.v12.suo
├── [4.0K]  CommonUtils
│   ├── [3.7K]  CommonUtils.cpp
│   ├── [1.0K]  CommonUtils.h
│   ├── [8.1K]  CommonUtils.vcxproj
│   ├── [2.7K]  CommonUtils.vcxproj.filters
│   ├── [ 168]  CommonUtils.vcxproj.user
│   ├── [2.0K]  DirectoryObject.cpp
│   ├── [4.5K]  FileOpLock.cpp
│   ├── [ 789]  FileOpLock.h
│   ├── [5.0K]  FileSymlink.cpp
│   ├── [ 588]  FileSymlink.h
│   ├── [1.6K]  Hardlink.cpp
│   ├── [2.0K]  NativeSymlink.cpp
│   ├── [2.2K]  ntimports.h
│   ├── [5.2K]  RegistrySymlink.cpp
│   ├── [ 13K]  ReparsePoint.cpp
│   ├── [1.2K]  ReparsePoint.h
│   ├── [1.8K]  ScopedHandle.cpp
│   ├── [ 498]  ScopedHandle.h
│   ├── [ 298]  stdafx.cpp
│   ├── [ 270]  stdafx.h
│   ├── [ 314]  targetver.h
│   └── [1.3K]  typed_buffer.h
├── [159K]  index.gif
├── [ 528]  README.md
├── [4.0K]  Release
│   └── [172K]  BitsArbitraryFileMoveExploit.exe
└── [4.0K]  x64
    └── [4.0K]  Release
        └── [206K]  BitsArbitraryFileMoveExploit.exe

6 directories, 40 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.