# MS17-010
MS17-010 is the Microsoft security bulletin that fixes several remote code execution vulnerabilities in the SMB service on Windows systems.
There are numerous things about MS17-010 that make it esoteric, such as manipulating the Windows kernel pool heap allocations, running remote Windows ring 0 shellcode, and the intricacies of the different SMB protocol versions.
We previously improved the ExtraBacon exploit. https://github.com/RiskSense-Ops/CVE-2016-6366
## Scanners
There is a Metasploit scanner and a Python port. The scanners use an uncredentialed information leak to determine whether the MS17-010 patch is installed on a host. If it is not installed, they also check for a DoublePulsar infection.
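As an added example (not code from this repository), here is defender-side logic that classifies captured SMB1 responses the way the scanners do: the unpatched-host check keys on the NT status STATUS_INSUFF_SERVER_RESOURCES (0xC0000205) returned to the named-pipe peek probe, and the DoublePulsar check keys on the echoed MultiplexID (0x51 in reply to a ping sent with 0x41). The function names, the header-only sample messages and those signal values are assumptions relative to this README.

```python
import struct

# NT status an unpatched SMB1 stack returns to the TRANS_PEEK_NMPIPE probe
# (assumed signal value; a patched host answers with a different status).
STATUS_INSUFF_SERVER_RESOURCES = 0xC0000205
# DoublePulsar replies to a Trans2 SESSION_SETUP "ping" sent with MID 0x41
# by answering with MID 0x51 (assumed signal value).
DOUBLEPULSAR_PING_MID = 0x41
DOUBLEPULSAR_REPLY_MID = 0x51
SMB_COM_TRANSACTION = 0x25
SMB_COM_TRANSACTION2 = 0x32


def parse_smb1_header(data):
    """Parse a NetBIOS-framed SMB1 message into its 32-byte header fields."""
    if len(data) < 36:
        raise ValueError("short SMB message")
    body = data[4:]  # skip the 4-byte NetBIOS session service header
    if body[:4] != b"\xffSMB":
        raise ValueError("not an SMB1 message")
    command, status, flags, flags2, pid_high = struct.unpack_from("<BIBHH", body, 4)
    # bytes 14..23 are the 8-byte signature and 2 reserved bytes
    tid, pid_low, uid, mid = struct.unpack_from("<HHHH", body, 24)
    return {"command": command, "status": status, "flags": flags,
            "flags2": flags2, "tid": tid, "pid": (pid_high << 16) | pid_low,
            "uid": uid, "mid": mid}


def classify_peek_response(data):
    """Classify the reply to the uncredentialed named-pipe peek probe."""
    hdr = parse_smb1_header(data)
    if hdr["command"] != SMB_COM_TRANSACTION:
        return "unexpected"
    if hdr["status"] == STATUS_INSUFF_SERVER_RESOURCES:
        return "likely-unpatched"
    return "patched-or-not-applicable"


def classify_doublepulsar_ping(data):
    """Classify the reply to the Trans2 SESSION_SETUP backdoor ping."""
    hdr = parse_smb1_header(data)
    if hdr["command"] != SMB_COM_TRANSACTION2:
        return "unexpected"
    return "doublepulsar-present" if hdr["mid"] == DOUBLEPULSAR_REPLY_MID else "clean"


def build_smb1_response(command, status, mid):
    """Construct a minimal header-only SMB1 response (constructed sample data)."""
    hdr = b"\xffSMB" + struct.pack("<BIBHH", command, status, 0x98, 0xC807, 0)
    hdr += b"\x00" * 10 + struct.pack("<HHHH", 0, 0xFEFF, 0, mid)
    return struct.pack(">I", len(hdr)) + hdr
```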
## Exploits
There is a Python script that can reliably infect Windows Server 2008 R2 SP1 with DoublePulsar using the same technique as EternalBlue.
## Payloads
Windows ring 0 shellcode is being crafted so that, instead of relying on DoublePulsar, the transition from ring 0 to ring 3 and the execution of a usermode payload (with or without a DLL) happens in a single step. The code size is also being reworked, since the original shellcode appears to be compiler output, in order to accommodate more complex userland payloads in the first stage.
## Resources
- https://zerosum0x0.blogspot.com/2017/04/doublepulsar-initial-smb-backdoor-ring.html
- https://countercept.com/our-thinking/analyzing-the-doublepulsar-kernel-dll-injection-technique/
- https://www.rapid7.com/db/modules/auxiliary/scanner/smb/smb_ms17_010
### Credits
- @zerosum0x0
- @jennamagius
- @The_Naterz
- @Aleph___Naught
- @nixawk
- @JukeLennings (Countercept)
### Acknowledgements
- Shadow Brokers
- Equation Group
- skape
- Stephen Fewer