# CVE-2020-0796: SMBGhost - Analysis and Ethical Exploitation
## Introduction
CVE-2020-0796, also known as "SMBGhost," is a critical security vulnerability affecting Microsoft Windows operating systems. It falls under the "wormable" category, meaning it can rapidly propagate across networked systems. This vulnerability resides in Microsoft's Server Message Block (SMB) protocol, which handles file and printer sharing. Exploiting it enables remote code execution on vulnerable servers, potentially leading to full system compromise.
## Quick Summary of Key Aspects
* **Vulnerability Name:** CVE-2020-0796, "SMBGhost," "EternalDarkness".
* **Vulnerability Type:** Remote Code Execution (RCE).
* **Affected Protocol:** Microsoft Server Message Block (SMBv3).
* **Impact:** Unauthorized access, data compromise, full system control.
* **Propagation:** "Wormable" category, meaning it can rapidly propagate across networked systems.
## Table of Contents
* [Technical Details](#technical-details)
* [Affected Systems](#affected-systems)
* [Existence in the Wild](#existence-in-the-wild)
* [Ethical Exploitation Plan](#ethical-exploitation-plan)
* [Mitigation](#mitigation)
* [Conclusion](#conclusion)
* [References](#references)
## Technical Details
CVE-2020-0796 is a flaw in the Microsoft Server Message Block (SMB) protocol. It is classified as a remote code execution vulnerability: a malicious actor can exploit it to execute code on a target system remotely, without authentication.
For a detailed breakdown, refer to [VULNERABILITY_DETAILS.md](VULNERABILITY_DETAILS.md).
## Affected Systems
This critical vulnerability affects the Microsoft Server Message Block (SMBv3) protocol in certain versions of Microsoft Windows operating systems.
The following versions are specifically affected:
* **Windows 10:**
  * 1903 for 32-bit Systems.
  * 1903 for 64-bit Systems.
  * 1903 for ARM64-based Systems.
  * 1909 for 32-bit Systems.
  * 1909 for 64-bit Systems.
  * 1909 for ARM64-based Systems.
* **Windows Server:**
  * Server 2013 for Server Core installation.
  * Server 2019 for Server Core installation.
## Existence in the Wild
Shodan provides data on active and vulnerable systems affected by CVE-2020-0796. It returns approximately 193,665 results for this vulnerability and also shows application statistics.
<img width="452" alt="image" src="https://github.com/user-attachments/assets/be185a1c-1bac-4527-aa99-532009c85a8b" />
## Ethical Exploitation Plan
The objective of this plan is to demonstrate the potential impact of CVE-2020-0796 on a vulnerable Windows system within a controlled and ethical environment. This demonstration aims to showcase the severity of the vulnerability for educational and research purposes.
For detailed steps on how to ethically exploit this vulnerability, refer to [ATTACK_PLAN.md](ATTACK_PLAN.md).
## Mitigation
To mitigate the risks associated with CVE-2020-0796, prompt application of Microsoft's security updates is essential. Proactive security measures and vigilant monitoring are crucial in today's digital landscape.
## Conclusion
CVE-2020-0796 is a critical vulnerability with the potential for rapid network propagation. Exploiting this flaw can lead to unauthorized access, full system compromise, and malware dissemination. This vulnerability highlights the ongoing importance of cybersecurity and the need for preventive actions to create a safer digital environment.
## References
Please refer to [REFERENCES.md](REFERENCES.md) for a comprehensive list of sources.
```
[4.0K] /data/pocs/26a5db612180541e57b3a177bfd1a5ea2bc7460b
├── [1.6K] ATTACK_PLAN.md
├── [4.0K] CVE_2020_0796-master
│   ├── [ 42K] CVE_2020_0796_Payload.py
│   ├── [4.0K] Offset
│   │   ├── [1.7K] offset.bat
│   │   └── [4.0K] tools
│   │       ├── [149K] cdb.exe
│   │       ├── [1.8M] dbghelp.dll
│   │       ├── [ 22K] dumpbin.exe
│   │       ├── [1.6M] link.exe
│   │       ├── [576K] msvcp140.dll
│   │       ├── [244K] symsrv.dll
│   │       ├── [255K] tbbmalloc.dll
│   │       ├── [ 43K] vcruntime140_1.dll
│   │       └── [ 98K] vcruntime140.dll
│   ├── [1.1K] Scanner.py
│   ├── [ 18K] smbghost_kshellcode_x64.asm
│   └── [4.0K] SystemCrashTest
│       └── [4.7K] Crash_Test.py
├── [4.5K] Exploitation.md
├── [3.5K] README.md
├── [ 882] REFERENCES.md
└── [2.7K] VULNERABILITY_DETAILS.md

4 directories, 19 files
```