Repair section Description Error:watermelon:
Ascotbe committed Mar 12, 2021
1 parent 71de0d3 commit 4bc0472
Showing 54 changed files with 383 additions and 424 deletions.
36 changes: 18 additions & 18 deletions CVE-2003-0352/README.md
@@ -6,27 +6,27 @@

#### 影响版本

| Product | CPU Architecture | Version | Update | Tested |
| ------------------ | ---------------- | ------- | ------ | ------------------ |
| Windows 2000 | | | | |
| Windows 2000 | | | SP1 | |
| Windows 2000 | | | SP2 | |
| Windows 2000 | | | SP3 | |
| Windows 2000 | | | SP4 | :heavy_check_mark: |
| Windows Server2003 | | R2 | | |
| Windows Nt | | | SP1 | |
| Windows Nt | | 4.0 | SP2 | |
| Windows Nt | | 4.0 | SP3 | |
| Windows Nt | | 4.0 | SP4 | |
| Windows Nt | | 4.0 | SP5 | |
| Windows Nt | | 4.0 | Sp6a | |
| Windows Nt | | 4.0 | SP6 | |
| Windows Xp | | | SP1 | |
| Windows Xp | | | Gold | |
| Product | CPU Architecture | Version | Update | Tested |
| ------------------- | ---------------- | ------- | ------ | ------------------ |
| Windows 2000 | | | | |
| Windows 2000 | | | SP1 | |
| Windows 2000 | | | SP2 | |
| Windows 2000 | | | SP3 | |
| Windows 2000 | | | SP4 | :heavy_check_mark: |
| Windows Server 2003 | | R2 | | |
| Windows Nt | | | SP1 | |
| Windows Nt | | 4.0 | SP2 | |
| Windows Nt | | 4.0 | SP3 | |
| Windows Nt | | 4.0 | SP4 | |
| Windows Nt | | 4.0 | SP5 | |
| Windows Nt | | 4.0 | Sp6a | |
| Windows Nt | | 4.0 | SP6 | |
| Windows Xp | | | SP1 | |
| Windows Xp | | | Gold | |

#### 利用方式

测试系统windows 2000 sp4 x86
测试系统Windows 2000 SP4 x86

```
use exploit/windows/dcerpc/ms03_026_dcom
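Review bot: the capitalization cleanup in the affected-version table is incomplete: `Windows Nt`, `Windows Xp` and `Sp6a` keep the mixed casing that the rest of this commit is removing, so write them as `Windows NT`, `Windows XP` and `SP6a`. The first `Windows Nt | | | SP1` row also has an empty Version column while every other NT row says `4.0`; if it refers to NT 4.0 SP1 like the others, fill in `4.0` so the row is not read as a different product.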
2 changes: 1 addition & 1 deletion CVE-2006-3439/README.md
@@ -19,7 +19,7 @@

#### 利用方式

msf 利用 测试系统windows server 2000 sp4 x86
msf 利用 测试系统Windows Server 2000 SP4 x86

```
use exploit/windows/smb/ms06_040_netapi
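Review bot: `Windows Server 2000` is not a product name; the same target is written `Windows 2000 SP4 x86` in the CVE-2003-0352 README touched by this commit, and the product is Windows 2000 (Server edition). Use `Windows 2000 SP4 x86` here as well so the test platform is named consistently across the READMEs.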
2 changes: 1 addition & 1 deletion CVE-2008-1084/README.md
@@ -20,6 +20,6 @@

#### 利用方式

测试系统windows server 2003 sp2 x86
测试系统Windows Server 2003 SP2 x86

![27](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2008-1084_win2003_x86.gif?raw=true)
22 changes: 10 additions & 12 deletions CVE-2008-3464/README.md
@@ -6,21 +6,19 @@

#### 影响版本

| Product | CPU Architecture | Version | Update | Tested |
| ------------------- | ---------------- | ------- | ------ | ------ |
| Windows Server 2003 | | | SP1 | |
| Windows Server 2003 | | | SP2 | |
| Windows Server 2003 | | | SP3 | |
| Windows Server 2003 | | | | |
| Windows Xp | | | | |
| Windows Xp | | | SP2 | |
| Windows Xp | | | SP3 | |
| Product | CPU Architecture | Version | Update | Tested |
| ------------------- | ---------------- | ------- | ------ | ------------------ |
| Windows Server 2003 | | | SP1 | |
| Windows Server 2003 | | | SP2 | :heavy_check_mark: |
| Windows Server 2003 | | | SP3 | |
| Windows Server 2003 | | | | |
| Windows Xp | | | | |
| Windows Xp | | | SP2 | |
| Windows Xp | | | SP3 | |

#### 利用方式

只找到可执行exe文件,测试系统windows server 2003 sp2 x86


只找到可执行exe文件,测试系统Windows Server 2003 SP2 x86

![26](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2008-3464_win2003_x86.gif?raw=true)
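Review bot: the table keeps a `Windows Server 2003 | | | SP3` row, but Windows Server 2003 shipped only SP1 and SP2 (R2 is a release, not a service pack), so that row looks like a copy error and should be checked against the advisory before it stays in the affected list. The new `:heavy_check_mark:` on the SP2 row matches the `测试系统Windows Server 2003 SP2 x86` line, but the `CPU Architecture` column on that row is still empty; put `x86` there so the tested architecture is recorded in the column this table format introduces for it.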

2 changes: 1 addition & 1 deletion CVE-2008-4037/README.md
@@ -19,7 +19,7 @@

#### 利用方式

使用msf 测试系统windows server 2003 sp2 x86
使用msf 测试系统Windows Server 2003 SP2 x86

```
use exploit/windows/smb/smb_relay
2 changes: 1 addition & 1 deletion CVE-2008-4250/README.md
@@ -21,7 +21,7 @@ Pre-Beta中的Server服务允许远程攻击者通过精心设计的RPC请求执

#### 利用方式

使用msf 测试系统windows server 2003 sp2 x86
使用msf 测试系统Windows Server 2003 SP2 x86

```
use exploit/windows/smb/ms08_067_netapi
2 changes: 1 addition & 1 deletion CVE-2009-2532/README.md
@@ -16,7 +16,7 @@

#### 利用方式

利用msf 测试系统windows server 2008 sp2 x86
利用msf 测试系统Windows Server 2008 SP2 x86

```
use exploit/windows/smb/ms09_050_smb2_negotiate_func_index
4 changes: 2 additions & 2 deletions CVE-2010-0233/README.md
@@ -24,13 +24,13 @@

- nmake 2013

测试系统windows server 2003 sp2 x86
测试系统Windows Server 2003 SP2 x86

![25](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2010-0233_win2003_x86.gif?raw=true)

> msf利用
测试系统windows server 2003 sp2 x86,执行以下代码
测试系统Windows Server 2003 SP2 x86,执行以下代码

```
use exploit/windows/local/ms10_015_kitrap0d
2 changes: 1 addition & 1 deletion CVE-2010-1897/README.md
@@ -20,7 +20,7 @@ win32k.sys中的Windows内核模式驱动程序无法正确验证伪句柄值

#### 利用方式

测试系统windows server 2003 sp2 x86
测试系统Windows Server 2003 SP2 x86

![24](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2010-1897_win2003_x86.gif?raw=true)

31 changes: 8 additions & 23 deletions CVE-2010-2554/README.md
@@ -6,29 +6,14 @@

#### 影响版本

| Product | Version | Update | Edition | Tested |
| ------------------- | ------- | ------ | ------- | ------ |
| Windows 7 | - | | | |
| Windows Server 2008 | - | SP2 | Itanium | |
| Windows Server 2008 | | R2 | Itanium | |
| Windows Server 2008 | | R2 | X64 | |
| Windows Server 2008 | | SP2 | X32 | |
| Windows Server 2008 | | | Itanium | |
| Windows Server 2008 | | SP2 | X64 | |
| Windows Server 2008 | | | X32 | |
| Windows Server 2008 | | | X64 | |
| Windows Vista | - | SP1 | | |
| Windows Vista | - | SP2 | | |
| Windows Vista | | SP1 | X64 | |
| Windows Vista | | SP2 | | |
| Windows Vista | | SP2 | X64 | |
| Windows Vista | | SP1 | | |

#### 修复补丁

```
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2010-2554
```
| Product | CPU Architecture | Version | Update | Tested |
| ------------------- | ---------------- | ------- | ------ | ------ |
| Windows 7 | | | | |
| Windows Server 2008 | | SP2 | | |
| Windows Server 2008 | | R2 | | |
| Windows Server 2008 | | | | |
| Windows Vista | | | SP1 | |
| Windows Vista | | | SP2 | |

#### 利用方式

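Review bot: the rewritten table loses information rather than normalizing it: the old `Edition` column carried `Itanium`, `X64` and `X32` for the Server 2008 and Vista rows, and the new `CPU Architecture` column is left empty on every row, so migrate those values instead of dropping them. Service-pack placement is also inconsistent inside the new table: `Windows Server 2008 | | SP2 | |` puts SP2 in `Version`, while `Windows Vista | | | SP1 |` puts SP1 in `Update` (the CVE-2010-3338 table in this same commit uses `Update`). Deleting the `#### 修复补丁` section also removes the only link to the vendor advisory for this CVE; if patch links are being consolidated somewhere else, say so in the commit message, otherwise keep the section.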
31 changes: 9 additions & 22 deletions CVE-2010-3338/README.md
@@ -6,31 +6,18 @@ Windows Task Scheduler无法正确确定计划任务的安全上下文,这使

#### 影响版本

| Product | Version | Update | Edition | Tested |
| ------------------- | ------- | ------ | ------- | ------ |
| Windows 7 | - | | | |
| Windows Server 2008 | - | SP2 | Itanium | |
| Windows Server 2008 | | | X64 | |
| Windows Server 2008 | | SP2 | X32 | |
| Windows Server 2008 | | SP2 | X64 | |
| Windows Server 2008 | | | Itanium | |
| Windows Server 2008 | | | X32 | |
| Windows Server 2008 | R2 | | X64 | |
| Windows Server 2008 | R2 | | Itanium | |
| Windows Vista | | SP1 | | |
| Windows Vista | | SP1 | X64 | |
| Windows Vista | | SP2 | | |
| Windows Vista | | SP2 | X64 | |

#### 修复补丁

```
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2010-3338
```
| Product | CPU Architecture | Version | Update | Tested |
| ------------------- | ---------------- | ------- | ------ | ------------------ |
| Windows 7 | | | | |
| Windows Server 2008 | | | SP2 | :heavy_check_mark: |
| Windows Server 2008 | | | | |
| Windows Server 2008 | | R2 | | |
| Windows Vista | | | SP1 | |
| Windows Vista | | | SP2 | |

#### 利用方式

测试系统 windows server 2008 sp2 x86,利用msf执行如下命令即可,x64版本msf不支持
测试系统 Windows Server 2008 SP2 x86,利用msf执行如下命令即可,x64版本msf不支持

```
use exploit/windows/local/ms10_092_schelevator
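Review bot: the `:heavy_check_mark:` on the `Windows Server 2008 | | | SP2` row records no architecture, yet the line below says only the x86 build was tested and that the msf module does not support x64 (`x64版本msf不支持`); put `x86` in the new `CPU Architecture` column on that row so a reader does not take the x64 platform as verified. As in the CVE-2010-2554 change, this hunk also deletes the `修复补丁` advisory link without a replacement.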
2 changes: 1 addition & 1 deletion CVE-2011-1249/README.md
@@ -27,6 +27,6 @@ afd.sys中的辅助功能驱动程序(AFD)未正确验证用户模式输入
i686-w64-mingw32-gcc CVE-2011-1249.c -o CVE-2011-1249.exe -lws2_32
```

测试系统windows server 2003 sp2 x86和windows 7 sp1 x86都成功
测试系统Windows Server 2003 SP2 x86和Windows 7 SP1 x86都成功

![23](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2011-1249_win2003_x86.gif?raw=true)
2 changes: 1 addition & 1 deletion CVE-2011-1974/README.md
@@ -20,7 +20,7 @@
i686-w64-mingw32-gcc CVE-2011-1974.c -o CVE-2011-1974.exe -lws2_32
```

测试系统windows server 2003 sp2 x86,首先需要用管理员修改注册表和开启服务
测试系统Windows Server 2003 SP2 x86,首先需要用管理员修改注册表和开启服务

![image-20200822202222486](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2011-1974_win2003_x86.png?raw=true)

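Review bot: the precondition `首先需要用管理员修改注册表和开启服务` (an administrator must first change the registry and start a service) is the decisive caveat for a local privilege-escalation entry and should name the registry value and the service; from the sentence and the screenshot alone a reader can neither reproduce the demo nor judge how realistic the prerequisite is outside a lab.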
2 changes: 1 addition & 1 deletion CVE-2011-2005/README.md
@@ -14,7 +14,7 @@

#### 利用方式

测试系统windows server 2003 sp2 x86
测试系统Windows Server 2003 SP2 x86

![21](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2011-2005_win2003_x86.gif?raw=true)

2 changes: 1 addition & 1 deletion CVE-2012-0217/README.md
@@ -21,7 +21,7 @@

- VS2019(V100)X64 Release

测试系统windows server 2008 R2 ps1 x64
测试系统Windows Server 2008 R2 SP1 x64

![20](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2012-0217_win2008_x64.gif?raw=true)

2 changes: 1 addition & 1 deletion CVE-2013-1332/README.md
@@ -25,7 +25,7 @@
- VS2019(V120_xp)X86 Release
- 字符集需要替换成多字节字符集不然无法利用

测试系统windows server 2003 SP2
测试系统Windows Server 2003 SP2 x86

![19](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2013-1332_win2003_x86.gif?raw=true)

8 changes: 4 additions & 4 deletions CVE-2013-1345/README.md
@@ -23,7 +23,7 @@

> X86利用
测试系统windows 7 sp1 x86 ,直接使用msf即可,我们当机器已经上线了
测试系统Windows 7 SP1 x86 ,直接使用msf即可,我们当机器已经上线了

```
use exploit/windows/local/ms13_053_schlamperei
@@ -33,13 +33,13 @@ run

![image-20200822151416515](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2013-1345_win7_x86.png?raw=true)

Windows sever 2003 sp2 x86 和Windows sever 2003 R2 sp2 x86都测试成功,但是利用文件没有源码只有exe可执行文件
Windows Sever 2003 SP2 x86 和Windows Sever 2003 R2 SP2 x86都测试成功,但是利用文件没有源码只有exe可执行文件

Windows sever 2003 sp2 x86 动图如下
Windows Sever 2003 SP2 x86 动图如下

![17](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2013-1345_win2003_x86.gif?raw=true)

Windows sever 2003 R2 sp2 x86 动图如下
Windows Sever 2003 R2 SP2 x86 动图如下

![18](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2013-1345_win2003_x86_2.gif?raw=true)
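Review bot: the three edited lines capitalize `sever` to `Sever` but leave the word misspelled; it should read `Windows Server 2003 SP2 x86` and `Windows Server 2003 R2 SP2 x86` in `Windows Sever 2003 SP2 x86 和Windows Sever 2003 R2 SP2 x86都测试成功`, `Windows Sever 2003 SP2 x86 动图如下` and `Windows Sever 2003 R2 SP2 x86 动图如下`.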

4 changes: 2 additions & 2 deletions CVE-2014-1767/README.md
@@ -25,12 +25,12 @@

> x86利用
测试系统Windows 7 sp1 x86 ,测试exe文件和py脚本都可以正常利用
测试系统Windows 7 SP1 x86 ,测试exe文件和py脚本都可以正常利用

![16](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2014-1767_win7_x86.gif?raw=true)

> x64利用
测试系统Windows 7 sp1 x64 测试利用py脚本,exe文件有机率蓝屏
测试系统Windows 7 SP1 x64 测试利用py脚本,exe文件有机率蓝屏

![17](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2014-1767_win7_x64.gif?raw=true)
2 changes: 2 additions & 0 deletions CVE-2014-4076/README.md
@@ -18,6 +18,8 @@
i586-mingw32msvc-gcc CVE-2014-4076.c -o CVE-2014-4076.exe
```

测试机器Windows Server 2003 SP2 x86

![16](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2014-4076_win2003_x86.gif?raw=true)


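Review bot: the added line says `测试机器` where the rest of this commit standardizes on `测试系统`; use one term. The build line just above it also invokes `i586-mingw32msvc-gcc`, while the CVE-2011-1249 and CVE-2011-1974 READMEs in the same commit use `i686-w64-mingw32-gcc`; unless this source specifically needs the older mingw32 toolchain, use the same cross-compiler everywhere so the READMEs can be followed on a single build host.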
4 changes: 2 additions & 2 deletions CVE-2014-4113/README.md
@@ -30,13 +30,13 @@

> x86利用
测试系统Windows 7 sp1 x86
测试系统Windows 7 SP1 x86

![14](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2014-4113_win7_x86.gif?raw=true)

> x64利用
测试系统Windows 7 sp1 x64
测试系统Windows 7 SP1 x64

![15](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2014-4113_win7_x64.gif?raw=true)

6 changes: 3 additions & 3 deletions CVE-2015-0003/README.md
@@ -15,7 +15,7 @@
| Windows Rt 8.1 | | | | |
| Windows Server 2003 | | | SP2 | |
| Windows Server 2008 | | | SP2 | |
| Windows Server 2008 | | R2 | SP1 | |
| Windows Server 2008 | | R2 | SP1 | :heavy_check_mark: |
| Windows Server 2012 | | | | |
| Windows Server 2012 | | R2 | | |
| Windows Vista | | | SP2 | |
@@ -28,7 +28,7 @@

- VS2019 (V120_xp)X86 Release

利用windows 7 sp1 x86作为演示
利用Windows 7 SP1 x86作为演示

![10](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2015-0003_win7_x86.gif?raw=true)

@@ -38,7 +38,7 @@

- VS2019 (V142)X64 Release

利用Windows server 2008 R2 sp1 x64进行测试
利用Windows Server 2008 R2 SP1 x64进行测试

![11](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2015-0003_win2008_x64.gif?raw=true)
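Review bot: the new `:heavy_check_mark:` marks only `Windows Server 2008 | | R2 | SP1`, yet the same file demonstrates the x86 build on `Windows 7 SP1 x86`; if the table has a Windows 7 SP1 row above the visible rows, mark it as tested too, and record `x64` and `x86` in the `CPU Architecture` column of the two tested rows, otherwise the table understates what was verified.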

2 changes: 1 addition & 1 deletion CVE-2015-0057/README.md
@@ -29,6 +29,6 @@

测试使用的是网上找到的编译好的EXP`CVE-2015-0057_x86``CVE-2015-0057_x64`,可以对Windows7/2008利用成功,会添加用户账号`k8team$` 密码`K8TeAm520!@#`

对Windows 7 sp1 x86进行测试
对Windows 7 SP1 x86进行测试

![2](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2015-0057_win7_sp1_x86.gif?raw=true)
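Review bot: the README still rests on precompiled binaries found online (`CVE-2015-0057_x86` / `CVE-2015-0057_x64`) that create an account `k8team$` with the fixed password `K8TeAm520!@#`; record where the binaries came from and their hashes, and tell the reader to delete that account after the test, because a known-credential account left on a test box is itself a finding.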
4 changes: 2 additions & 2 deletions CVE-2015-1701/README.md
@@ -22,12 +22,12 @@

> x86利用
测试机器 windows 7 sp1 x86
测试机器 Windows 7 SP1 x86

![12](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2015-1701_win7_x86.gif?raw=true)

> x64利用
测试使用windows server 2008 R2 sp1 x64
测试使用Windows Server 2008 R2 SP1 x64

![13](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2015-1701_win2008_x64.gif?raw=true)
4 changes: 3 additions & 1 deletion CVE-2015-2370/README.md
@@ -34,4 +34,6 @@ x64/x86 Windows 7/8.1都可以利用成功,这个漏洞就是可以像任意
Trebuchet.exe c:\Users\ascotbe\Desktop\test.txt c:\Windows\System32\test1.txt
```

![2](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2015-2370_win7_x86.png?raw=true)
演示机器Windows 7 SP1 x86

![2](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2015-2370_win7_x86.png?raw=true)
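Review bot: the added line uses `演示机器` while the other READMEs in this commit say `测试系统`; keep one term. The `Trebuchet.exe c:\Users\ascotbe\Desktop\test.txt c:\Windows\System32\test1.txt` example also hard-codes a personal profile path; a generic `%USERPROFILE%`-style path would make the demo reproducible for other readers.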
