CVE-2020-0796 PoC — 微软 Microsoft SMBv3 缓冲区错误漏洞

Source

Associated Vulnerability

Title:微软 Microsoft SMBv3 缓冲区错误漏洞 (CVE-2020-0796)
Description:A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.

Description

SMBGhost (CVE-2020-0796) threaded scanner

Readme

# SMBGhost
Simple threaded scanner for CVE-2020-0796 - SMBv3 RCE.

The scanner is for meant only for testing whether a server is vulnerable. It is not meant for research or development, hence the fixed payload. 

It checks for SMB dialect 3.1.1 and compression capability through a negotiate request.

A network dump of the scanner running against a Windows 2019 Server (10.0.0.133) can be found under `https://github.com/ollypwn/SMBGhost/blob/master/SMBGhost.pcap`. 

`python3 scanner.py -r <CIDR range> <-t threads> <-v verbose> <-o output file>`
## Usage

## Workarounds
[ADV200005 | Microsoft Guidance for Disabling SMBv3 Compression](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/adv200005)

```
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 1 -Force
```
# Credits
* https://github.com/ollypwn/SMBGhost

File Snapshot


 [4.0K]  /data/pocs/5086c09849ac066779d7ee5da5fe53db1dc2ab61
├── [ 910]  README.md
├── [  16]  requirements.txt
└── [4.5K]  scanner.py

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!