CVE-2020-0796 PoC — 微软 Microsoft SMBv3 缓冲区错误漏洞

Source

https://github.com/Almorabea/SMBGhost-LPE-Metasploit-Module

Associated Vulnerability

Title:微软 Microsoft SMBv3 缓冲区错误漏洞 (CVE-2020-0796)
Description:A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.

Description

This is an implementation of the CVE-2020-0796 aka SMBGhost vulnerability, compatible with the Metasploit Framework

Readme

# SMBGhost-LPE-Metasploit-Module
This is an implementation of the CVE-2020-0796 aka SMBGhost vulnerability, compatible with the Metasploit Framework

# Notes:
- This module made to be used when you have a valid shell to escalate your privileges.
- You can change the payload, if you want to have your custom dll shellcode or if you want to encode it in some way.
- The exe file is edited to evade detection and made it applicable to run and inject the dll shellcode.

# Demo 
![](demo.gif)

# Credits
- Credits for exploit authers {Daniel García Gutiérrez,Manuel Blanco Parajón}.
- Credits also for Spencer McIntyre for his greate code too.

# References
- https://github.com/danigargu/CVE-2020-0796
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/adv200005
- https://github.com/Almorabea/SMBGhost-WorkaroundApplier

File Snapshot


 [4.0K]  /data/pocs/517d737b4d6bbb0c1aa37f8a25c67e75a896b098
├── [588K]  cve_2020_0796_payload.exe
├── [ 12M]  demo.gif
├── [ 840]  README.md
└── [5.4K]  smbghost_PrivEsc.rb

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!