Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-0796 PoC — 微软 Microsoft SMBv3 缓冲区错误漏洞

Source
https://github.com/jamf/SMBGhost-SMBleed-scanner
Associated Vulnerability
Title:微软 Microsoft SMBv3 缓冲区错误漏洞 (CVE-2020-0796)
Description:A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.
Description
SMBGhost (CVE-2020-0796) and SMBleed (CVE-2020-1206) Scanner
Readme
# SMBGhost (CVE-2020-0796) and SMBleed (CVE-2020-1206) Scanner

(c) 2020 ZecOps, Inc. - https://www.zecops.com - Find Attackers' Mistakes  
Intended only for educational and testing in corporate environments.  
ZecOps takes no responsibility for the code, use at your own risk.  
Please contact sales@ZecOps.com if you are interested in agent-less DFIR tools for Servers, Endpoints, and Mobile Devices to detect SMBGhost, SMBleed and other types of attacks automatically.

## Usage

`SMBGhost-SMBleed-scanner.py target_ip`

The scanner will report whether the target machine is vulnerable to SMBGhost and/or SMBleed.

**Note:** The scanner will crash the target machine if it's running an unpatched Windows 10 version 1903. The crash is caused by a null dereference bug which is fixed by the **KB4512941** update.

## References

* [Vulnerability Reproduction: CVE-2020-0796 POC - ZecOps Blog](https://blog.zecops.com/vulnerabilities/vulnerability-reproduction-cve-2020-0796-poc/)
* [SMBleedingGhost Writeup: Chaining SMBleed (CVE-2020-1206) with SMBGhost - ZecOps Blog](https://blog.zecops.com/vulnerabilities/smbleedingghost-writeup-chaining-smbleed-cve-2020-1206-with-smbghost/)
* [CVE-2020-0796 - Microsoft Security Response Center](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796)
* [CVE-2020-1206 - Microsoft Security Response Center](https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1206)
File Snapshot

 [4.0K]  /data/pocs/677ba8e68969e8b3a5124d398e507277a8d3c87e
├── [ 169]  LICENSE
├── [1.4K]  README.md
└── [ 13K]  SMBGhost-SMBleed-scanner.py

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →