-
Notifications
You must be signed in to change notification settings - Fork 13.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
TeamViewer URI SMB exploit (CVE-2020-13699) #13989
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @h00die for this module. I just left a couple of small comments related to typos in the documentation.
documentation/modules/auxiliary/server/teamviewer_uri_smb_redirect.md
Outdated
Show resolved
Hide resolved
documentation/modules/auxiliary/server/teamviewer_uri_smb_redirect.md
Outdated
Show resolved
Hide resolved
This has been tested against Teamviewer v8.0.16642 and v15.4.4445. Both versions connect to the controlled SMB server as expected. |
all done, added 8.0.16642 to the list of confirmed versions as well. |
Thank you! I'll go ahead and land it shortly. |
Original Release Notes |
Release NotesNew module |
This adds an HTTP server which responds to Firefox (all other browsers aren't exploitable) with an iframe that will force TeamViewer to create an SMB connection to a server of our choice. Exploits CVE-2020-13699. This is an unbelievably simple exploit.
I can provide the Teamviewer 15.4.4445 installer binary if needed.
Verification
use auxiliary/server/teamviewer_uri_smb_redirect
set SMB_SERVER [IP]
run
@jeffssh FYI.
I also wanted to note I emailed @jeffssh about this exploit with a question. They answered back immediately and were super nice answering my questions, so just wanted to say thanks and show appreciation!