CVE-2020-0796

Windows SMBv3 LPE Exploit

test

windows server 2012 R2 Datacenter 
Microsoft Windows [版本 6.3.9600]
Injecting shellcode in winlogon... 
Could not open process

Authors

• Daniel García Gutiérrez (@danigargu)
• Manuel Blanco Parajón (@dialluvioso_)

References

• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796
• https://www.synacktiv.com/posts/exploit/im-smbghost-daba-dee-daba-da.html
• https://www.fortinet.com/blog/threat-research/cve-2020-0796-memory-corruption-vulnerability-in-windows-10-smb-server.html#.Xndfn0lv150.twitter
• https://www.mcafee.com/blogs/other-blogs/mcafee-labs/smbghost-analysis-of-cve-2020-0796/
• http://blogs.360.cn/post/CVE-2020-0796.html
• https://blog.zecops.com/vulnerabilities/vulnerability-reproduction-cve-2020-0796-poc/