This repo is just simple research for the CVE; for a more detailed analysis, please refer here.
UPDATE: 05/19 2022
This analysis hasn't been finished yet....
Here is reproduce code for the Windows RPC vulnerability CVE-2022-26809; it is based on https://github.com/microsoft/Windows-classic-samples/blob/main/Samples/Win7Samples/netds/rpc/hello.
If you have any better solution to trigger this vuln, feel free to submit an issue or PR :)
My Python version is 3.6.7.
The poc.py just tries to reach the vulnerable function OSF_SCALL::GetCoalescedBuffer; it wouldn't cause any crash, because the dword integer overflow is too hard to reproduce. The rpcrt.py is the module impacket.dcerpc.v5.rpcrt from the Python package impacket; just replace the original one with it to trigger the vuln (remember to back up the original one :) I believe the rpcrt.py has a huge number of bugs).
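To show, in general terms, what the dword (32-bit) integer overflow mentioned above looks like and how a length check prevents it, here is an added example. It is not code from this repo and not the Windows RPC runtime's code: the fragment_t type and both accumulation routines are hypothetical stand-ins. The unchecked routine wraps silently when fragment lengths sum past UINT32_MAX, leaving a total far smaller than the data it is meant to describe; the checked routine rejects such input instead.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical fragment descriptor (assumption for this example; not the
 * real RPC runtime structure). Only the length matters here. */
typedef struct {
    uint32_t length;
} fragment_t;

/* Unchecked 32-bit accumulation: if the lengths sum past UINT32_MAX the
 * total wraps around, so any buffer sized from it would be undersized. */
uint32_t total_length_unchecked(const fragment_t *frags, size_t n) {
    uint32_t total = 0;
    for (size_t i = 0; i < n; i++) {
        total += frags[i].length;
    }
    return total;
}

/* Checked accumulation: refuses input whose 32-bit sum would wrap and
 * only writes *out when every addition was safe. */
bool total_length_checked(const fragment_t *frags, size_t n, uint32_t *out) {
    uint32_t total = 0;
    for (size_t i = 0; i < n; i++) {
        if (frags[i].length > UINT32_MAX - total) {
            return false;  /* adding this fragment would overflow */
        }
        total += frags[i].length;
    }
    *out = total;
    return true;
}

/* Compares the unchecked 32-bit sum against a 64-bit sum of the same
 * lengths; true means the wrap actually happened for this input. */
bool wrap_detected(const fragment_t *frags, size_t n) {
    uint64_t wide = 0;
    for (size_t i = 0; i < n; i++) {
        wide += frags[i].length;
    }
    return wide != (uint64_t)total_length_unchecked(frags, n);
}

int main(void) {
    /* Constructed sample: two fragments whose lengths sum to 0x100000010,
     * which does not fit in 32 bits. */
    fragment_t sample[] = { { 0xFFFFFFF0u }, { 0x20u } };
    uint32_t total = 0;

    printf("unchecked total: 0x%08x (wrapped: %s)\n",
           total_length_unchecked(sample, 2),
           wrap_detected(sample, 2) ? "yes" : "no");
    printf("checked total:   %s\n",
           total_length_checked(sample, 2, &total) ? "accepted" : "rejected (overflow)");
    return 0;
}
```

Running it prints an unchecked total of 0x00000010 for data that is actually just over 4 GiB long, while the checked routine rejects the same input; that rejection is the behaviour a fixed length calculation needs.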
If it doesn't work, maybe Wireshark can help to locate the bug.
If necessary, just use nmake to rebuild it.