
CVE-2020-0796 PoC — Microsoft SMBv3 Buffer Error Vulnerability

Source
Associated Vulnerability
Title: Microsoft SMBv3 Buffer Error Vulnerability (CVE-2020-0796)
Description: A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.
Description
An asyncio (coroutine) based CVE-2020-0796 scanner. Its speed is quite good, which makes it convenient for ops engineers to run a quick check across the internal network.
Readme
# aioScan_CVE-2020-0796

# Introduction

Building on the public POC, this tool uses coroutines to greatly increase detection speed, making it convenient for ops engineers to quickly check the internal network.

## Affected versions
```
Windows 10 Version 1903 for 32-bit Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 Version 1903 for ARM64-based Systems
Windows Server, Version 1903 (Server Core installation)
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows Server, Version 1909 (Server Core installation)
```
## Remediation
See Microsoft's interim workaround:
[ADV200005 | Microsoft Guidance for Disabling SMBv3 Compression](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200005)

Use PowerShell to disable compression on the SMBv3 server service (no reboot required):
```powershell
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 1 -Force
```
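The one-liner above sets the value but does not tell you whether the host was exposed in the first place or whether the change took effect. The script below is an added example, not part of the original README or of Microsoft's advisory: it reads the `ReleaseId` of the running OS and compares it with the 1903/1909 versions listed above, reports the current `DisableCompression` state, applies the workaround only when it is missing, and verifies the result. It assumes an elevated PowerShell session on the host being checked; the registry path and value name are the ones from ADV200005.

```powershell
# Added example (not from the original README). Run in an elevated session.
$regPath = "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters"
$name    = "DisableCompression"

function Get-SmbCompressionState {
    # Returns the current DWORD value, or $null when the value has never been
    # created (a missing value means SMBv3 compression is still enabled).
    $item = Get-ItemProperty -Path $regPath -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$name
}

# Is this host one of the affected feature releases (1903 / 1909)?
$releaseId = (Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion").ReleaseId
$affected  = $releaseId -in @("1903", "1909")
Write-Output "Windows ReleaseId: $releaseId (listed as affected: $affected)"

$before = Get-SmbCompressionState
if ($before -eq 1) {
    Write-Output "SMBv3 compression already disabled (DisableCompression = 1)."
} else {
    $shown = if ($null -eq $before) { "not set" } else { $before }
    Write-Output "SMBv3 compression is enabled (DisableCompression = $shown); applying workaround."
    Set-ItemProperty -Path $regPath -Name $name -Type DWORD -Value 1 -Force

    # Re-read the value so a failed write (e.g. not elevated) is not reported as success.
    $after = Get-SmbCompressionState
    if ($after -ne 1) { throw "Workaround not applied: DisableCompression = $after" }
    Write-Output "Workaround applied: DisableCompression = $after (no reboot required)."
}

# Once the vendor update is installed, the advisory re-enables compression by
# setting the same value back to 0:
#   Set-ItemProperty -Path $regPath -Name $name -Type DWORD -Value 0 -Force
```

The re-read after `Set-ItemProperty` is the point of the example: a write that silently fails (no elevation, a locked-down key) would otherwise leave the host reported as mitigated while compression is still on.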
# Usage
~~Please run with Python 3.5 or later.~~
Please run with Python 3.7 or later (asyncio.run is an API added in 3.7; I had only considered that async/await syntax was added in 3.5).

IP address handling uses the third-party library netaddr:
```
pip3 install netaddr
```
![](https://photo.o0o0.club/_基于协程的CVE-2020-0796检测脚本/1584228250694.png)


If you do not want to print the IP information for connection timeouts, replace line 39 of the script with `pass`.