Merge pull request Ascotbe#6 from ycdxsb/master
add reference link
Ascotbe authored Apr 30, 2021
2 parents f09fbce + 9c7585c commit 92eeac7
Showing 51 changed files with 249 additions and 24 deletions.
5 changes: 4 additions & 1 deletion CVE-2005-1983/README.md
Expand Up @@ -13,4 +13,7 @@ PnP服务中基于堆栈的缓冲区溢出使远程攻击者可以通过精心

#### 利用方式

暂无
暂无

#### 分析文章
- https://blog.csdn.net/tomqq/article/details/1951128
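Review bot: the new 分析文章 (analysis articles) entries, here and in every README this commit touches, are bare URLs with no title, author or date, so once a host moves or disappears the reader has no way to identify what was being cited; consider the `- [name](url)` list form that the existing 项目来源 / 漏洞来源 sections already use (e.g. `- [sensepost](https://github.com/sensepost/gdi-palettes-exp)` in CVE-2016-3309) and put the article title in the brackets. Separately, the duplicated `暂无` pair shows that the only edit to the pre-existing last line is adding the trailing newline the file lacked; harmless, but it produces the same one-line churn in a dozen READMEs in this commit, and an `.editorconfig` with `insert_final_newline = true` would make it a one-time fix.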
3 changes: 3 additions & 0 deletions CVE-2006-3439/README.md
Expand Up @@ -27,3 +27,6 @@ set RHOST 192.168.1.17
run
```

#### 分析文章
- http://www.atomsec.org/%E5%AE%89%E5%85%A8/ms06-040cve-2006-3439%E9%9D%99%E6%80%81%E5%88%86%E6%9E%90/
- https://bbs.pediy.com/thread-266157.htm
6 changes: 5 additions & 1 deletion CVE-2008-1084/README.md
Expand Up @@ -22,4 +22,8 @@

测试系统Windows Server 2003 SP2 x86

![27](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2008-1084_win2003_x86.gif?raw=true)
![27](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2008-1084_win2003_x86.gif?raw=true)

#### 分析文章
- https://github.com/lyshark/Windows-exploits/blob/master/Windows%20%E5%86%85%E6%A0%B8%E6%BC%8F%E6%B4%9E%20ms08025%20%E5%88%86%E6%9E%90.7z
- https://bbs.pediy.com/thread-63099.htm
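Review bot: the first reference is a `.7z` archive hosted in the third-party `lyshark/Windows-exploits` repository rather than a readable page, so the reader has to download and extract an opaque binary to see the analysis, which is exactly the kind of artifact a security-minded reader should not be asked to open blindly. If it stays, state in the list item what the archive contains and pin it (a hash or the repository commit it was taken from); otherwise prefer a rendered writeup such as the pediy thread on the following line.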
2 changes: 2 additions & 0 deletions CVE-2008-3464/README.md
Expand Up @@ -22,3 +22,5 @@

![26](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2008-3464_win2003_x86.gif?raw=true)

#### 分析文章
- https://bbs.pediy.com/thread-74811.htm
6 changes: 5 additions & 1 deletion CVE-2008-4250/README.md
Expand Up @@ -29,4 +29,8 @@ set RHOST 192.168.1.14
run
```

![image-20200823143331505](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2008-4250_win2003_x86_msf.png?raw=true)
![image-20200823143331505](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2008-4250_win2003_x86_msf.png?raw=true)

#### 分析文章
- https://bbs.pediy.com/thread-251219.htm
- https://www.jianshu.com/p/d086eb1ab0a6
6 changes: 5 additions & 1 deletion CVE-2009-2532/README.md
Expand Up @@ -24,4 +24,8 @@ set RHOSTS 192.168.1.13 #目标IP
run
```

![image-20200823134421895](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2009-2532_win2008_x86_msf.png?raw=true)
![image-20200823134421895](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2009-2532_win2008_x86_msf.png?raw=true)

#### 分析文章
- https://www.giantbranch.cn/2017/08/26/Educatedscholar%E5%88%A9%E7%94%A8%E7%9A%84%E6%BC%8F%E6%B4%9Ems09-050%E5%88%86%E6%9E%90%E5%8F%8A%E5%85%B6%E5%88%A9%E7%94%A8%E7%9A%84shellcode%E5%88%86%E6%9E%90%E5%8F%8A%E4%B8%8Emsf%E5%88%A9%E7%94%A8%E5%AF%B9%E6%AF%94/
- https://zhuanlan.zhihu.com/p/27155431
4 changes: 4 additions & 0 deletions CVE-2011-0045/README.md
Expand Up @@ -14,3 +14,7 @@

暂无

#### 分析文章
- https://blog.csdn.net/QEver/article/details/6227415
- https://www.geek-share.com/detail/2510409740.html
- https://bbs.pediy.com/thread-130487.htm
3 changes: 3 additions & 0 deletions CVE-2011-1249/README.md
Expand Up @@ -30,3 +30,6 @@ i686-w64-mingw32-gcc CVE-2011-1249.c -o CVE-2011-1249.exe -lws2_32
测试系统Windows Server 2003 SP2 x86和Windows 7 SP1 x86都成功

![23](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2011-1249_win2003_x86.gif?raw=true)

#### 分析文章
- https://github.com/Madusanka99/OHTS/blob/master/IT16075504%20-OHTS%20Report.pdf
3 changes: 3 additions & 0 deletions CVE-2011-2005/README.md
Expand Up @@ -23,3 +23,6 @@ msf利用直接使用这个即可
```
use exploit/windows/local/ms11_080_afdjoinleaf
```

#### 分析文章
- http://qq53.github.io/1500623869.html
3 changes: 3 additions & 0 deletions CVE-2013-1332/README.md
Expand Up @@ -29,3 +29,6 @@

![19](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2013-1332_win2003_x86.gif?raw=true)

#### 分析文章
- https://www.anquanke.com/vul/id/1045064
- http://www.91ri.org/6708.html
5 changes: 4 additions & 1 deletion CVE-2013-5065/README.md
Expand Up @@ -14,4 +14,7 @@

#### 利用方式

暂无
暂无

#### 分析文章
- https://bbs.pediy.com/thread-182135.htm
6 changes: 5 additions & 1 deletion CVE-2014-1767/README.md
Expand Up @@ -33,4 +33,8 @@
测试系统Windows 7 SP1 x64 测试利用py脚本,exe文件有机率蓝屏

![17](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2014-1767_win7_x64.gif?raw=true)
![17](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2014-1767_win7_x64.gif?raw=true)

#### 分析文章
- https://xz.aliyun.com/t/6770
- https://www.bbsmax.com/A/E35p6R28zv/
3 changes: 2 additions & 1 deletion CVE-2014-4076/README.md
Expand Up @@ -23,4 +23,5 @@ i586-mingw32msvc-gcc CVE-2014-4076.c -o CVE-2014-4076.exe
![16](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2014-4076_win2003_x86.gif?raw=true)



#### 分析文章
- https://bbs.pediy.com/thread-198600.htm
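Review bot: three consecutive blank lines separate the GIF from the new `#### 分析文章` heading, while the other READMEs in this commit use a single blank line before the heading; trim the run to one so this file matches the rest.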
7 changes: 7 additions & 0 deletions CVE-2014-4113/README.md
Expand Up @@ -40,3 +40,10 @@

![15](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2014-4113_win7_x64.gif?raw=true)

#### 分析文章
- https://xz.aliyun.com/t/4456
- https://b2ahex.github.io/blog/2017/06/13/4113%E5%88%86%E6%9E%90/index.html
- https://www.anquanke.com/post/id/84477
- https://bbs.pediy.com/thread-198194.htm
- https://wooyun.js.org/drops/CVE-2014-4113%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8%E8%BF%87%E7%A8%8B%E5%88%86%E6%9E%90.html
- http://www.netfairy.net/?post=209
7 changes: 6 additions & 1 deletion CVE-2014-6321/README.md
Expand Up @@ -22,4 +22,9 @@ Schannel允许远程攻击者通过精心设计的数据包远程执行代码

#### 利用方式

暂无
暂无

#### 分析文章
- http://bobao.360.cn/learning/detail/114.html
- https://wooyun.js.org/drops/CVE-2014-6321%20schannel%E5%A0%86%E6%BA%A2%E5%87%BA%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90.html
- https://www.freebuf.com/vuls/52110.html
4 changes: 4 additions & 0 deletions CVE-2014-6324/README.md
Expand Up @@ -21,3 +21,7 @@
#### 利用方式

暂无

#### 分析文章
- https://naykcin.top/2020/01/12/ms14068/
- https://www.cnblogs.com/feizianquan/p/11760564.html
6 changes: 5 additions & 1 deletion CVE-2015-0002/README.md
Expand Up @@ -19,4 +19,8 @@

#### 利用方式

有源码,未知利用
有源码,未知利用

#### 分析文章
- https://googleprojectzero.blogspot.com/2015/02/a-tokens-tale_9.html
- http://www.vuln.cn/6702
4 changes: 4 additions & 0 deletions CVE-2015-0003/README.md
Expand Up @@ -42,3 +42,7 @@

![11](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2015-0003_win2008_x64.gif?raw=true)

#### 分析文章
- https://www.shuzhiduo.com/A/Vx5M1WrL5N/
- https://www.cnblogs.com/flycat-2016/p/5452929.html
- https://www.fireeye.com/blog/threat-research/2015/07/dyre_banking_trojan.html
8 changes: 7 additions & 1 deletion CVE-2015-0057/README.md
Expand Up @@ -31,4 +31,10 @@

对Windows 7 SP1 x86进行测试

![2](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2015-0057_win7_sp1_x86.gif?raw=true)
![2](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2015-0057_win7_sp1_x86.gif?raw=true)

#### 分析文章
- https://xz.aliyun.com/t/4549
- https://paper.seebug.org/1439/
- https://www.anquanke.com/post/id/163973
- https://blog.csdn.net/qq_35713009/article/details/102921859
3 changes: 3 additions & 0 deletions CVE-2015-1725/README.md
Expand Up @@ -29,3 +29,6 @@

- [Rootkitsmm](https://github.com/Rootkitsmm/MS15-061)

#### 分析文章
- https://github.com/LibreCrops/translation-zh_CN/blob/master/source/ms-15-061.rst
- https://translation-zh-cn.readthedocs.io/zh_CN/latest/ms-15-061.html
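Review bot: the two new items point at the same text twice, the `ms-15-061.rst` source in the LibreCrops `translation-zh_CN` repository and its rendered copy on `translation-zh-cn.readthedocs.io`; keep one, or mark the second as a mirror of the first, so the list does not read as two independent analyses.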
6 changes: 5 additions & 1 deletion CVE-2015-2370/README.md
Expand Up @@ -36,4 +36,8 @@ Trebuchet.exe c:\Users\ascotbe\Desktop\test.txt c:\Windows\System32\test1.txt

演示机器Windows 7 SP1 x86

![2](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2015-2370_win7_x86.png?raw=true)
![2](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2015-2370_win7_x86.png?raw=true)

#### 分析文章
- http://bobao.360.cn/learning/detail/584.html
- https://blog.csdn.net/oShuangYue12/article/details/84677607
3 changes: 3 additions & 0 deletions CVE-2015-2546/README.md
Expand Up @@ -30,3 +30,6 @@

![1](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2015-2546_win7_x86.gif?raw=true)

#### 分析文章
- http://drops.xmd5.com/static/drops/papers-9276.html
- https://bbs.pediy.com/thread-263673.htm
6 changes: 6 additions & 0 deletions CVE-2016-0095/README.md
Expand Up @@ -26,3 +26,9 @@
测试Windows 7 SP1 x64的GIF图

![5](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2016-0095_win7_x64.gif?raw=true)

#### 分析文章
- https://xz.aliyun.com/t/6008
- http://weaponx.site/2017/08/11/CVE-2016-0095%E4%BB%8EPoC%E5%88%B0Exploit/
- https://whereisk0shl.top/ssctf_pwn450_windows_kernel_exploitation_writeup.html
- github https://github.com/k0keoyo/SSCTF-pwn450-ms16-034-writeup
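Review bot: the last item reads `- github https://github.com/k0keoyo/SSCTF-pwn450-ms16-034-writeup`; the stray word `github` breaks the pattern of the other items (bare URL only) and renders as literal text in front of the link. Either drop it or make it the link text: `- [github](https://github.com/k0keoyo/SSCTF-pwn450-ms16-034-writeup)`.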
11 changes: 10 additions & 1 deletion CVE-2016-3309/README.md
Expand Up @@ -36,4 +36,13 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3309

#### 项目来源

- [sensepost](https://github.com/sensepost/gdi-palettes-exp)
- [sensepost](https://github.com/sensepost/gdi-palettes-exp)

#### 分析文章
- https://paper.seebug.org/37/
- https://xz.aliyun.com/t/4543
- https://github.com/55-AA/CVE-2016-3308/blob/master/CVE-2016-3308.md
- https://xz.aliyun.com/t/2919
- https://paper.seebug.org/320/
- https://security.tencent.com/index.php/blog/msg/117
- https://www.anquanke.com/post/id/85302
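Review bot: the third item links a CVE-2016-3308 writeup (`55-AA/CVE-2016-3308/blob/master/CVE-2016-3308.md`) from the CVE-2016-3309 README. If it is included because the two CVEs are related bugs covered by the same analysis, say so in the item (a short suffix such as `(CVE-2016-3308, related)` is enough); as it stands it reads like a copy mistake.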
3 changes: 3 additions & 0 deletions CVE-2016-7255/README.md
Expand Up @@ -38,3 +38,6 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7255
通过ps脚本进行演示,直接上GIF图

![3](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2016-7255_win7_x86.gif?raw=true)

#### 分析文章
- https://www.anquanke.com/post/id/85232
3 changes: 3 additions & 0 deletions CVE-2017-0101/README.md
Expand Up @@ -28,3 +28,6 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0101

![2](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2017-0101_win7_x86.gif?raw=true)

#### 分析文章
- https://paper.seebug.org/586/
- https://bbs.pediy.com/thread-256949.htm
6 changes: 6 additions & 0 deletions CVE-2017-0143/README.md
Expand Up @@ -44,3 +44,9 @@ run
![image-20200818114925926](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2017-0143_msf_2.png?raw=true)


#### 分析文章
- https://www.anquanke.com/post/id/86270
- https://github.com/worawit/MS17-010/blob/master/BUG.txt
- https://yi0934.github.io/2019/04/08/CVE%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/ms17-010/
- https://cy2cs.top/2020/08/22/%E3%80%90owva%E3%80%91%E6%B0%B8%E6%81%92%E4%B9%8B%E8%93%9D%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/
- https://paper.seebug.org/280/
5 changes: 4 additions & 1 deletion CVE-2017-0213/README.md
Expand Up @@ -36,4 +36,7 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0213

测试环境Windows 7 SP1 x64

![CVE-2017-0213_win7_x86](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2017-0213_win7_x86.gif?raw=true)
![CVE-2017-0213_win7_x86](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2017-0213_win7_x86.gif?raw=true)

#### 分析文章
- https://cloud.tencent.com/developer/article/1045805
6 changes: 6 additions & 0 deletions CVE-2017-8464/README.md
Expand Up @@ -63,3 +63,9 @@ GIF图如下

![1](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2017-8464_win7_x86.gif?raw=true)

#### 分析文章
- https://my.oschina.net/u/4310658/blog/3695267
- https://www.anquanke.com/post/id/202705
- https://wohin.me/0dayan-quan-external-stuxnet-cve-2017-8464/
- https://blog.csdn.net/baidu_41647119/article/details/103875396
- http://www.vxjump.net/files/vuln_analysis/cve-2017-8464.txt
5 changes: 4 additions & 1 deletion CVE-2018-0833/README.md
Expand Up @@ -28,6 +28,9 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0833

![CVE](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2018-0833.gif?raw=true)

#### 分析文章
- https://de4dcr0w.github.io/cve%E6%BC%8F%E6%B4%9E/SMBv3%E6%97%A0%E6%95%88%E6%8C%87%E9%92%88%E5%BC%95%E7%94%A8%E6%BC%8F%E6%B4%9E(CVE-2018-0833).html

#### 漏洞来源

- [exploit-db](https://www.exploit-db.com/exploits/44189)
- [exploit-db](https://www.exploit-db.com/exploits/44189)
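Review bot: here the new `#### 分析文章` section is inserted between the GIF and the existing `#### 漏洞来源` section, whereas most READMEs in this commit append it after the existing sections (CVE-2016-3309 places it after 项目来源); pick one position and use it everywhere, see also CVE-2018-8453 in this same commit. The new URL also contains literal parentheses, `(CVE-2018-0833).html`, which some Markdown renderers treat as the end of an autolink; percent-encode them as `%28` and `%29` or wrap the URL in `<` `>` to be safe.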
4 changes: 4 additions & 0 deletions CVE-2018-1038/README.md
Expand Up @@ -21,3 +21,7 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1038

暂无找到可以测试通过的POC

#### 分析文章
- https://blog.xpnsec.com/total-meltdown-cve-2018-1038/
- https://www.anquanke.com/post/id/106156
- https://de4dcr0w.github.io/%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/CVE-2018-1038-TotalMeltdown%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90%E7%9A%84%E4%B8%80%E7%82%B9%E8%AE%B0%E5%BD%95.html
6 changes: 6 additions & 0 deletions CVE-2018-8120/README.md
Expand Up @@ -29,3 +29,9 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8120

![1](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2018-8120_win7_x64.gif?raw=true)

#### 分析文章
- https://github.com/EVOL4/CVE-2018-8120/blob/master/CVE-2018-8120.md
- https://b2ahex.github.io/blog/2018/05/15/8120%E5%88%86%E6%9E%90/index.html
- https://paper.seebug.org/614/
- https://xz.aliyun.com/t/8667
- http://xz.aliyun.com/t/5966
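Review bot: the last two items both point at xz.aliyun.com, but one is `https://xz.aliyun.com/t/8667` and the other plain `http://xz.aliyun.com/t/5966`; use `https` for both so the reader is not sent over cleartext to a host the rest of the file reaches over TLS.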
7 changes: 6 additions & 1 deletion CVE-2018-8440/README.md
Expand Up @@ -32,4 +32,9 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8440

#### 利用方式

暂无
暂无

#### 分析文章
- https://blog.0patch.com/2018/08/how-we-micropatched-publicly-dropped.html
- https://blog.0patch.com/2018/09/comparing-our-micropatch-with.html
- https://www.anquanke.com/post/id/169382
10 changes: 10 additions & 0 deletions CVE-2018-8453/README.md
Expand Up @@ -42,6 +42,16 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8453

![CVE-2018-8453](https://github.com/Ascotbe/Random-img/raw/master/WindowsKernelExploits/CVE-2018-8453_win10_1709_x64.gif?raw=true)

#### 分析文章
- https://github.com/thepwnrip/leHACK-Analysis-of-CVE-2018-8453
- https://www.anquanke.com/post/id/162894
- https://paper.seebug.org/784/
- https://paper.seebug.org/798/
- https://bbs.pediy.com/thread-249021.htm
- https://www.jianshu.com/p/082bd9992b57
- https://www.whsgwl.net/blog/CVE-2018-8453_0.html
- https://www.whsgwl.net/blog/CVE-2018-8453_1.html

#### 项目来源

- [ze0r](https://github.com/ze0r/cve-2018-8453-exp)
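Review bot: the new section is placed above the existing `#### 项目来源` section here, while in CVE-2016-3309 the same section comes after 项目来源 and in the other files it is appended at the end; settle on one position for 分析文章 and apply it across the repository so readers know where to look.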
7 changes: 6 additions & 1 deletion CVE-2018-8639/README.md
Expand Up @@ -54,4 +54,9 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8639

Windows 7 SP1 X64测试通过的EXP,上GIF图

![3](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/8.gif?raw=true)
![3](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/8.gif?raw=true)

#### 分析文章
- https://www.anquanke.com/post/id/183358
- https://bbs.pediy.com/thread-251400.htm
- https://bbs.pediy.com/thread-254305.htm
3 changes: 2 additions & 1 deletion CVE-2019-0623/README.md
Expand Up @@ -36,7 +36,8 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0623

-


#### 分析文章
- https://paper.seebug.org/832/



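Review bot: the new heading is inserted directly under a lone `-`, an empty list item left over from the preceding section, and is followed by a run of three blank lines before the rest of the file, so the section floats mid-file with an empty bullet above it; either remove the stray `-` and collapse the blank run, or append the section at the end of the file as in the other READMEs.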
5 changes: 5 additions & 0 deletions CVE-2019-0803/README.md
Expand Up @@ -41,3 +41,8 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0803
这里测试机器是Windows Server 2008 R2 x64,上GIF图

![11](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/4.gif?raw=true)

#### 分析文章
- https://bbs.pediy.com/thread-260289.htm
- https://www.jianshu.com/p/91e0f79f36eb
- https://zhuanlan.zhihu.com/p/62520006