Outline
• Introduction
• Vulnerability - CVE-2020-0796
• Exploitation of SMBGhost
• From crash to arbitrary memory writing
• How can we get code execution from arbitrary memory writing in the past
• Method 1 - System root hijack (need some condition)
• Method 2 - Abusing MDL
Introduction
• Server Message Block (SMB) is the protocol commonly used for file sharing in Windows. A default Windows installation already has this protocol listening on port 445, and it is even more common in enterprise environments.
• MS17-010
• EternalBlue
• WannaCry
• CVE-2020-0796
• SMBGhost