From 9c7585c6bfc99b338001fce62cd207a674955d82 Mon Sep 17 00:00:00 2001
From: ycdxsb <1452740432@qq.com>
Date: Fri, 30 Apr 2021 14:52:15 +0800
Subject: [PATCH] add reference link
---
 CVE-2005-1983/README.md | 5 ++++-
 CVE-2006-3439/README.md | 3 +++
 CVE-2008-1084/README.md | 6 +++++-
 CVE-2008-3464/README.md | 2 ++
 CVE-2008-4250/README.md | 6 +++++-
 CVE-2009-2532/README.md | 6 +++++-
 CVE-2011-0045/README.md | 4 ++++
 CVE-2011-1249/README.md | 3 +++
 CVE-2011-2005/README.md | 3 +++
 CVE-2013-1332/README.md | 3 +++
 CVE-2013-5065/README.md | 5 ++++-
 CVE-2014-1767/README.md | 6 +++++-
 CVE-2014-4076/README.md | 3 ++-
 CVE-2014-4113/README.md | 7 +++++++
 CVE-2014-6321/README.md | 7 ++++++-
 CVE-2014-6324/README.md | 4 ++++
 CVE-2015-0002/README.md | 6 +++++-
 CVE-2015-0003/README.md | 4 ++++
 CVE-2015-0057/README.md | 8 +++++++-
 CVE-2015-1725/README.md | 3 +++
 CVE-2015-2370/README.md | 6 +++++-
 CVE-2015-2546/README.md | 3 +++
 CVE-2016-0095/README.md | 6 ++++++
 CVE-2016-3309/README.md | 11 ++++++++++-
 CVE-2016-7255/README.md | 3 +++
 CVE-2017-0101/README.md | 3 +++
 CVE-2017-0143/README.md | 6 ++++++
 CVE-2017-0213/README.md | 5 ++++-
 CVE-2017-8464/README.md | 6 ++++++
 CVE-2018-0833/README.md | 5 ++++-
 CVE-2018-1038/README.md | 4 ++++
 CVE-2018-8120/README.md | 6 ++++++
 CVE-2018-8440/README.md | 7 ++++++-
 CVE-2018-8453/README.md | 10 ++++++++++
 CVE-2018-8639/README.md | 7 ++++++-
 CVE-2019-0623/README.md | 3 ++-
 CVE-2019-0803/README.md | 5 +++++
 CVE-2019-0808/README.md | 6 +++++-
 CVE-2019-0859/README.md | 5 +++++
 CVE-2019-1132/README.md | 6 +++++-
 CVE-2019-1388/README.md | 6 +++++-
 CVE-2019-1458/README.md | 7 ++++++-
 CVE-2020-0668/README.md | 5 ++++-
 CVE-2020-0787/README.md | 4 ++++
 CVE-2020-0796/README.md | 9 ++++++++-
 CVE-2020-1034/README.md | 8 +++++++-
 CVE-2020-1054/README.md | 5 +++++
 CVE-2020-1472/README.md | 6 ++++++
 CVE-2020-16898/README.md | 6 ++++++
 CVE-2020-17087/README.md | 3 +++
 CVE-2021-1732/README.md | 7 +++++++
 51 files changed, 249 insertions(+), 24 deletions(-)
diff --git a/CVE-2005-1983/README.md b/CVE-2005-1983/README.md
index cb68b62..114045d 100644
--- a/CVE-2005-1983/README.md
+++ b/CVE-2005-1983/README.md
@@ -13,4 +13,7 @@ PnP服务中基于堆栈的缓冲区溢出使远程攻击者可以通过精心
 #### 利用方式
-暂无
\ No newline at end of file
+暂无
+
+#### 分析文章
+- https://blog.csdn.net/tomqq/article/details/1951128
\ No newline at end of file
diff --git a/CVE-2006-3439/README.md b/CVE-2006-3439/README.md
index 7cf2ae3..8c41cb3 100644
--- a/CVE-2006-3439/README.md
+++ b/CVE-2006-3439/README.md
@@ -27,3 +27,6 @@ set RHOST 192.168.1.17
 run
 ```
+#### 分析文章
+- http://www.atomsec.org/%E5%AE%89%E5%85%A8/ms06-040cve-2006-3439%E9%9D%99%E6%80%81%E5%88%86%E6%9E%90/
+- https://bbs.pediy.com/thread-266157.htm
\ No newline at end of file
diff --git a/CVE-2008-1084/README.md b/CVE-2008-1084/README.md
index 5be753d..bd6e445 100644
--- a/CVE-2008-1084/README.md
+++ b/CVE-2008-1084/README.md
@@ -22,4 +22,8 @@ 测试系统Windows Server 2003 SP2 x86
-![27](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2008-1084_win2003_x86.gif?raw=true)
\ No newline at end of file
+![27](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2008-1084_win2003_x86.gif?raw=true)
+
+#### 分析文章
+- https://github.com/lyshark/Windows-exploits/blob/master/Windows%20%E5%86%85%E6%A0%B8%E6%BC%8F%E6%B4%9E%20ms08025%20%E5%88%86%E6%9E%90.7z
+- https://bbs.pediy.com/thread-63099.htm
\ No newline at end of file
diff --git a/CVE-2008-3464/README.md b/CVE-2008-3464/README.md
index aba06b0..1bbc59b 100644
--- a/CVE-2008-3464/README.md
+++ b/CVE-2008-3464/README.md
@@ -22,3 +22,5 @@
 ![26](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2008-3464_win2003_x86.gif?raw=true)
+#### 分析文章
+- https://bbs.pediy.com/thread-74811.htm
\ No newline at end of file
diff --git a/CVE-2008-4250/README.md b/CVE-2008-4250/README.md
index 4ae96a5..00f100d 100644
--- a/CVE-2008-4250/README.md
+++ b/CVE-2008-4250/README.md
@@ -29,4 +29,8 @@ set RHOST 192.168.1.14
 run
 ```
-![image-20200823143331505](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2008-4250_win2003_x86_msf.png?raw=true)
\ No newline at end of file
+![image-20200823143331505](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2008-4250_win2003_x86_msf.png?raw=true)
+
+#### 分析文章
+- https://bbs.pediy.com/thread-251219.htm
+- https://www.jianshu.com/p/d086eb1ab0a6
\ No newline at end of file
diff --git a/CVE-2009-2532/README.md b/CVE-2009-2532/README.md
index 32b1cb7..f49793e 100644
--- a/CVE-2009-2532/README.md
+++ b/CVE-2009-2532/README.md
@@ -24,4 +24,8 @@ set RHOSTS 192.168.1.13 #目标IP
 run
 ```
-![image-20200823134421895](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2009-2532_win2008_x86_msf.png?raw=true)
\ No newline at end of file
+![image-20200823134421895](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2009-2532_win2008_x86_msf.png?raw=true)
+
+#### 分析文章
+- https://www.giantbranch.cn/2017/08/26/Educatedscholar%E5%88%A9%E7%94%A8%E7%9A%84%E6%BC%8F%E6%B4%9Ems09-050%E5%88%86%E6%9E%90%E5%8F%8A%E5%85%B6%E5%88%A9%E7%94%A8%E7%9A%84shellcode%E5%88%86%E6%9E%90%E5%8F%8A%E4%B8%8Emsf%E5%88%A9%E7%94%A8%E5%AF%B9%E6%AF%94/
+- https://zhuanlan.zhihu.com/p/27155431
\ No newline at end of file
diff --git a/CVE-2011-0045/README.md b/CVE-2011-0045/README.md
index 539f659..a1d8dda 100644
--- a/CVE-2011-0045/README.md
+++ b/CVE-2011-0045/README.md
@@ -14,3 +14,7 @@ 暂无
+#### 分析文章
+- https://blog.csdn.net/QEver/article/details/6227415
+- https://www.geek-share.com/detail/2510409740.html
+- https://bbs.pediy.com/thread-130487.htm
\ No newline at end of file
diff --git a/CVE-2011-1249/README.md b/CVE-2011-1249/README.md
index eba8805..8b1f3d7 100644
--- a/CVE-2011-1249/README.md
+++ b/CVE-2011-1249/README.md
@@ -30,3 +30,6 @@ i686-w64-mingw32-gcc CVE-2011-1249.c -o CVE-2011-1249.exe -lws2_32
 测试系统Windows Server 2003 SP2 x86和Windows 7 SP1 x86都成功
 ![23](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2011-1249_win2003_x86.gif?raw=true)
+
+#### 分析文章
+- https://github.com/Madusanka99/OHTS/blob/master/IT16075504%20-OHTS%20Report.pdf
\ No newline at end of file
diff --git a/CVE-2011-2005/README.md b/CVE-2011-2005/README.md
index ad998b7..0ff9128 100644
--- a/CVE-2011-2005/README.md
+++ b/CVE-2011-2005/README.md
@@ -23,3 +23,6 @@ msf利用直接使用这个即可
 ```
 use exploit/windows/local/ms11_080_afdjoinleaf
 ```
+
+#### 分析文章
+- http://qq53.github.io/1500623869.html
\ No newline at end of file
diff --git a/CVE-2013-1332/README.md b/CVE-2013-1332/README.md
index 9c229c3..ddcebec 100644
--- a/CVE-2013-1332/README.md
+++ b/CVE-2013-1332/README.md
@@ -29,3 +29,6 @@
 ![19](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2013-1332_win2003_x86.gif?raw=true)
+#### 分析文章
+- https://www.anquanke.com/vul/id/1045064
+- http://www.91ri.org/6708.html
\ No newline at end of file
diff --git a/CVE-2013-5065/README.md b/CVE-2013-5065/README.md
index 1ab1adc..3dfa9cf 100644
--- a/CVE-2013-5065/README.md
+++ b/CVE-2013-5065/README.md
@@ -14,4 +14,7 @@
 #### 利用方式
-暂无
\ No newline at end of file
+暂无
+
+#### 分析文章
+- https://bbs.pediy.com/thread-182135.htm
\ No newline at end of file
diff --git a/CVE-2014-1767/README.md b/CVE-2014-1767/README.md
index 683e3f7..0cfd7a1 100644
--- a/CVE-2014-1767/README.md
+++ b/CVE-2014-1767/README.md
@@ -33,4 +33,8 @@ 测试系统Windows 7 SP1 x64 测试利用py脚本,exe文件有机率蓝屏
-![17](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2014-1767_win7_x64.gif?raw=true)
\ No newline at end of file
+![17](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2014-1767_win7_x64.gif?raw=true)
+
+#### 分析文章
+- https://xz.aliyun.com/t/6770
+- https://www.bbsmax.com/A/E35p6R28zv/
\ No newline at end of file
diff --git a/CVE-2014-4076/README.md b/CVE-2014-4076/README.md
index 28af48b..db455ad 100644
--- a/CVE-2014-4076/README.md
+++ b/CVE-2014-4076/README.md
@@ -23,4 +23,5 @@ i586-mingw32msvc-gcc CVE-2014-4076.c -o CVE-2014-4076.exe
 ![16](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2014-4076_win2003_x86.gif?raw=true)
-
+#### 分析文章
+- https://bbs.pediy.com/thread-198600.htm
\ No newline at end of file
diff --git a/CVE-2014-4113/README.md b/CVE-2014-4113/README.md
index f03dc16..5fa71a6 100644
--- a/CVE-2014-4113/README.md
+++ b/CVE-2014-4113/README.md
@@ -40,3 +40,10 @@
 ![15](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2014-4113_win7_x64.gif?raw=true)
+#### 分析文章
+- https://xz.aliyun.com/t/4456
+- https://b2ahex.github.io/blog/2017/06/13/4113%E5%88%86%E6%9E%90/index.html
+- https://www.anquanke.com/post/id/84477
+- https://bbs.pediy.com/thread-198194.htm
+- https://wooyun.js.org/drops/CVE-2014-4113%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8%E8%BF%87%E7%A8%8B%E5%88%86%E6%9E%90.html
+- http://www.netfairy.net/?post=209
\ No newline at end of file
diff --git a/CVE-2014-6321/README.md b/CVE-2014-6321/README.md
index 0a9217d..700553a 100644
--- a/CVE-2014-6321/README.md
+++ b/CVE-2014-6321/README.md
@@ -22,4 +22,9 @@ Schannel允许远程攻击者通过精心设计的数据包远程执行代码
 #### 利用方式
-暂无
\ No newline at end of file
+暂无
+
+#### 分析文章
+- http://bobao.360.cn/learning/detail/114.html
+- https://wooyun.js.org/drops/CVE-2014-6321%20schannel%E5%A0%86%E6%BA%A2%E5%87%BA%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90.html
+- https://www.freebuf.com/vuls/52110.html
\ No newline at end of file
diff --git a/CVE-2014-6324/README.md b/CVE-2014-6324/README.md
index 9e2ac87..65c7d70 100644
--- a/CVE-2014-6324/README.md
+++ b/CVE-2014-6324/README.md
@@ -21,3 +21,7 @@
 #### 利用方式
 暂无
+
+#### 分析文章
+- https://naykcin.top/2020/01/12/ms14068/
+- https://www.cnblogs.com/feizianquan/p/11760564.html
\ No newline at end of file
diff --git a/CVE-2015-0002/README.md b/CVE-2015-0002/README.md
index f6fce89..947e20d 100644
--- a/CVE-2015-0002/README.md
+++ b/CVE-2015-0002/README.md
@@ -19,4 +19,8 @@
 #### 利用方式
-有源码,未知利用
\ No newline at end of file
+有源码,未知利用
+
+#### 分析文章
+- https://googleprojectzero.blogspot.com/2015/02/a-tokens-tale_9.html
+- http://www.vuln.cn/6702
\ No newline at end of file
diff --git a/CVE-2015-0003/README.md b/CVE-2015-0003/README.md
index 2224619..ce6244e 100644
--- a/CVE-2015-0003/README.md
+++ b/CVE-2015-0003/README.md
@@ -42,3 +42,7 @@
 ![11](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2015-0003_win2008_x64.gif?raw=true)
+#### 分析文章
+- https://www.shuzhiduo.com/A/Vx5M1WrL5N/
+- https://www.cnblogs.com/flycat-2016/p/5452929.html
+- https://www.fireeye.com/blog/threat-research/2015/07/dyre_banking_trojan.html
\ No newline at end of file
diff --git a/CVE-2015-0057/README.md b/CVE-2015-0057/README.md
index 8ead3d4..259f1ac 100644
--- a/CVE-2015-0057/README.md
+++ b/CVE-2015-0057/README.md
@@ -31,4 +31,10 @@ 对Windows 7 SP1 x86进行测试
-![2](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2015-0057_win7_sp1_x86.gif?raw=true)
\ No newline at end of file
+![2](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2015-0057_win7_sp1_x86.gif?raw=true)
+
+#### 分析文章
+- https://xz.aliyun.com/t/4549
+- https://paper.seebug.org/1439/
+- https://www.anquanke.com/post/id/163973
+- https://blog.csdn.net/qq_35713009/article/details/102921859
\ No newline at end of file
diff --git a/CVE-2015-1725/README.md b/CVE-2015-1725/README.md
index ed9734b..22ce650 100644
--- a/CVE-2015-1725/README.md
+++ b/CVE-2015-1725/README.md
@@ -29,3 +29,6 @@
 - [Rootkitsmm](https://github.com/Rootkitsmm/MS15-061)
+#### 分析文章
+- https://github.com/LibreCrops/translation-zh_CN/blob/master/source/ms-15-061.rst
+- https://translation-zh-cn.readthedocs.io/zh_CN/latest/ms-15-061.html
\ No newline at end of file
diff --git a/CVE-2015-2370/README.md b/CVE-2015-2370/README.md
index e170602..410acc5 100644
--- a/CVE-2015-2370/README.md
+++ b/CVE-2015-2370/README.md
@@ -36,4 +36,8 @@ Trebuchet.exe c:\Users\ascotbe\Desktop\test.txt c:\Windows\System32\test1.txt
 演示机器Windows 7 SP1 x86
-![2](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2015-2370_win7_x86.png?raw=true)
\ No newline at end of file
+![2](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2015-2370_win7_x86.png?raw=true)
+
+#### 分析文章
+- http://bobao.360.cn/learning/detail/584.html
+- https://blog.csdn.net/oShuangYue12/article/details/84677607
\ No newline at end of file
diff --git a/CVE-2015-2546/README.md b/CVE-2015-2546/README.md
index 5d2cad0..969697a 100644
--- a/CVE-2015-2546/README.md
+++ b/CVE-2015-2546/README.md
@@ -30,3 +30,6 @@
 ![1](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2015-2546_win7_x86.gif?raw=true)
+#### 分析文章
+- http://drops.xmd5.com/static/drops/papers-9276.html
+- https://bbs.pediy.com/thread-263673.htm
\ No newline at end of file
diff --git a/CVE-2016-0095/README.md b/CVE-2016-0095/README.md
index 5a8a80c..056fde8 100644
--- a/CVE-2016-0095/README.md
+++ b/CVE-2016-0095/README.md
@@ -26,3 +26,9 @@ 测试Windows 7 SP1 x64的GIF图
 ![5](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2016-0095_win7_x64.gif?raw=true)
+
+#### 分析文章
+- https://xz.aliyun.com/t/6008
+- http://weaponx.site/2017/08/11/CVE-2016-0095%E4%BB%8EPoC%E5%88%B0Exploit/
+- https://whereisk0shl.top/ssctf_pwn450_windows_kernel_exploitation_writeup.html
+- github https://github.com/k0keoyo/SSCTF-pwn450-ms16-034-writeup
\ No newline at end of file
diff --git a/CVE-2016-3309/README.md b/CVE-2016-3309/README.md
index 19df38a..45a41b5 100644
--- a/CVE-2016-3309/README.md
+++ b/CVE-2016-3309/README.md
@@ -36,4 +36,13 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3309
 #### 项目来源
-- [sensepost](https://github.com/sensepost/gdi-palettes-exp)
\ No newline at end of file
+- [sensepost](https://github.com/sensepost/gdi-palettes-exp)
+
+#### 分析文章
+- https://paper.seebug.org/37/
+- https://xz.aliyun.com/t/4543
+- https://github.com/55-AA/CVE-2016-3308/blob/master/CVE-2016-3308.md
+- https://xz.aliyun.com/t/2919
+- https://paper.seebug.org/320/
+- https://security.tencent.com/index.php/blog/msg/117
+- https://www.anquanke.com/post/id/85302
\ No newline at end of file
diff --git a/CVE-2016-7255/README.md b/CVE-2016-7255/README.md
index 27d54a9..897333a 100644
--- a/CVE-2016-7255/README.md
+++ b/CVE-2016-7255/README.md
@@ -38,3 +38,6 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7255
 通过ps脚本进行演示,直接上GIF图
 ![3](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2016-7255_win7_x86.gif?raw=true)
+
+#### 分析文章
+- https://www.anquanke.com/post/id/85232
\ No newline at end of file
diff --git a/CVE-2017-0101/README.md b/CVE-2017-0101/README.md
index 6c55471..6e656bf 100644
--- a/CVE-2017-0101/README.md
+++ b/CVE-2017-0101/README.md
@@ -28,3 +28,6 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0101
 ![2](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2017-0101_win7_x86.gif?raw=true)
+#### 分析文章
+- https://paper.seebug.org/586/
+- https://bbs.pediy.com/thread-256949.htm
\ No newline at end of file
diff --git a/CVE-2017-0143/README.md b/CVE-2017-0143/README.md
index 2597a94..f1fa1ea 100644
--- a/CVE-2017-0143/README.md
+++ b/CVE-2017-0143/README.md
@@ -44,3 +44,9 @@ run
 ![image-20200818114925926](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2017-0143_msf_2.png?raw=true)
+#### 分析文章
+- https://www.anquanke.com/post/id/86270
+- https://github.com/worawit/MS17-010/blob/master/BUG.txt
+- https://yi0934.github.io/2019/04/08/CVE%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/ms17-010/
+- https://cy2cs.top/2020/08/22/%E3%80%90owva%E3%80%91%E6%B0%B8%E6%81%92%E4%B9%8B%E8%93%9D%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/
+- https://paper.seebug.org/280/
\ No newline at end of file
diff --git a/CVE-2017-0213/README.md b/CVE-2017-0213/README.md
index ef786c2..c592b8a 100644
--- a/CVE-2017-0213/README.md
+++ b/CVE-2017-0213/README.md
@@ -36,4 +36,7 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0213
 测试环境Windows 7 SP1 x64
-![CVE-2017-0213_win7_x86](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2017-0213_win7_x86.gif?raw=true)
\ No newline at end of file
+![CVE-2017-0213_win7_x86](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2017-0213_win7_x86.gif?raw=true)
+
+#### 分析文章
+- https://cloud.tencent.com/developer/article/1045805
\ No newline at end of file
diff --git a/CVE-2017-8464/README.md b/CVE-2017-8464/README.md
index e68638f..3f8e5b6 100644
--- a/CVE-2017-8464/README.md
+++ b/CVE-2017-8464/README.md
@@ -63,3 +63,9 @@ GIF图如下
 ![1](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2017-8464_win7_x86.gif?raw=true)
+#### 分析文章
+- https://my.oschina.net/u/4310658/blog/3695267
+- https://www.anquanke.com/post/id/202705
+- https://wohin.me/0dayan-quan-external-stuxnet-cve-2017-8464/
+- https://blog.csdn.net/baidu_41647119/article/details/103875396
+- http://www.vxjump.net/files/vuln_analysis/cve-2017-8464.txt
\ No newline at end of file
diff --git a/CVE-2018-0833/README.md b/CVE-2018-0833/README.md
index ee2e14c..883e1b1 100644
--- a/CVE-2018-0833/README.md
+++ b/CVE-2018-0833/README.md
@@ -28,6 +28,9 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0833
 ![CVE](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2018-0833.gif?raw=true)
+#### 分析文章
+- https://de4dcr0w.github.io/cve%E6%BC%8F%E6%B4%9E/SMBv3%E6%97%A0%E6%95%88%E6%8C%87%E9%92%88%E5%BC%95%E7%94%A8%E6%BC%8F%E6%B4%9E(CVE-2018-0833).html
+
 #### 漏洞来源
-- [exploit-db](https://www.exploit-db.com/exploits/44189)
\ No newline at end of file
+- [exploit-db](https://www.exploit-db.com/exploits/44189)
diff --git a/CVE-2018-1038/README.md b/CVE-2018-1038/README.md
index 156f817..954037e 100644
--- a/CVE-2018-1038/README.md
+++ b/CVE-2018-1038/README.md
@@ -21,3 +21,7 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1038
 暂无找到可以测试通过的POC
+#### 分析文章
+- https://blog.xpnsec.com/total-meltdown-cve-2018-1038/
+- https://www.anquanke.com/post/id/106156
+- https://de4dcr0w.github.io/%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/CVE-2018-1038-TotalMeltdown%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90%E7%9A%84%E4%B8%80%E7%82%B9%E8%AE%B0%E5%BD%95.html
\ No newline at end of file
diff --git a/CVE-2018-8120/README.md b/CVE-2018-8120/README.md
index 51fbb02..2ca46ca 100644
--- a/CVE-2018-8120/README.md
+++ b/CVE-2018-8120/README.md
@@ -29,3 +29,9 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8120
 ![1](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2018-8120_win7_x64.gif?raw=true)
+#### 分析文章
+- https://github.com/EVOL4/CVE-2018-8120/blob/master/CVE-2018-8120.md
+- https://b2ahex.github.io/blog/2018/05/15/8120%E5%88%86%E6%9E%90/index.html
+- https://paper.seebug.org/614/
+- https://xz.aliyun.com/t/8667
+- http://xz.aliyun.com/t/5966
\ No newline at end of file
diff --git a/CVE-2018-8440/README.md b/CVE-2018-8440/README.md
index c727b40..c2eeb31 100644
--- a/CVE-2018-8440/README.md
+++ b/CVE-2018-8440/README.md
@@ -32,4 +32,9 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8440
 #### 利用方式
-暂无
\ No newline at end of file
+暂无
+
+#### 分析文章
+- https://blog.0patch.com/2018/08/how-we-micropatched-publicly-dropped.html
+- https://blog.0patch.com/2018/09/comparing-our-micropatch-with.html
+- https://www.anquanke.com/post/id/169382
\ No newline at end of file
diff --git a/CVE-2018-8453/README.md b/CVE-2018-8453/README.md
index fee66fd..b85ffca 100644
--- a/CVE-2018-8453/README.md
+++ b/CVE-2018-8453/README.md
@@ -42,6 +42,16 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8453
 ![CVE-2018-8453](https://github.com/Ascotbe/Random-img/raw/master/WindowsKernelExploits/CVE-2018-8453_win10_1709_x64.gif?raw=true)
+#### 分析文章
+- https://github.com/thepwnrip/leHACK-Analysis-of-CVE-2018-8453
+- https://www.anquanke.com/post/id/162894
+- https://paper.seebug.org/784/
+- https://paper.seebug.org/798/
+- https://bbs.pediy.com/thread-249021.htm
+- https://www.jianshu.com/p/082bd9992b57
+- https://www.whsgwl.net/blog/CVE-2018-8453_0.html
+- https://www.whsgwl.net/blog/CVE-2018-8453_1.html
+
 #### 项目来源
 - [ze0r](https://github.com/ze0r/cve-2018-8453-exp)
\ No newline at end of file
diff --git a/CVE-2018-8639/README.md b/CVE-2018-8639/README.md
index 493f65c..a3ab1b2 100644
--- a/CVE-2018-8639/README.md
+++ b/CVE-2018-8639/README.md
@@ -54,4 +54,9 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8639
 Windows 7 SP1 X64测试通过的EXP,上GIF图
-![3](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/8.gif?raw=true)
\ No newline at end of file
+![3](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/8.gif?raw=true)
+
+#### 分析文章
+- https://www.anquanke.com/post/id/183358
+- https://bbs.pediy.com/thread-251400.htm
+- https://bbs.pediy.com/thread-254305.htm
\ No newline at end of file
diff --git a/CVE-2019-0623/README.md b/CVE-2019-0623/README.md
index a454aa0..ea579e1 100644
--- a/CVE-2019-0623/README.md
+++ b/CVE-2019-0623/README.md
@@ -36,7 +36,8 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0623 - -
+#### 分析文章
+- https://paper.seebug.org/832/
diff --git a/CVE-2019-0803/README.md b/CVE-2019-0803/README.md
index aa77b65..808b0a3 100644
--- a/CVE-2019-0803/README.md
+++ b/CVE-2019-0803/README.md
@@ -41,3 +41,8 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0803
 这里测试机器是Windows Server 2008 R2 x64,上GIF图
 ![11](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/4.gif?raw=true)
+
+#### 分析文章
+- https://bbs.pediy.com/thread-260289.htm
+- https://www.jianshu.com/p/91e0f79f36eb
+- https://zhuanlan.zhihu.com/p/62520006
\ No newline at end of file
diff --git a/CVE-2019-0808/README.md b/CVE-2019-0808/README.md
index eb4d190..24450dd 100644
--- a/CVE-2019-0808/README.md
+++ b/CVE-2019-0808/README.md
@@ -25,7 +25,11 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0808 - -
+#### 分析文章
+- https://paper.seebug.org/856/
+- https://xz.aliyun.com/t/5142
+- http://www.lahonja.me/2019/10/10/CVE-2019-0808%E8%AF%A6%E7%BB%86%E5%88%86%E6%9E%90/
+- https://blog.knownsec.com/2020/11/cve-2019-0808-%E4%BB%8E%E7%A9%BA%E6%8C%87%E9%92%88%E8%A7%A3%E5%BC%95%E7%94%A8%E5%88%B0%E6%9D%83%E9%99%90%E6%8F%90%E5%8D%87/
 #### 代码来源
diff --git a/CVE-2019-0859/README.md b/CVE-2019-0859/README.md
index 397520e..cfc6498 100644
--- a/CVE-2019-0859/README.md
+++ b/CVE-2019-0859/README.md
@@ -36,3 +36,8 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0859
 暂无
+#### 分析文章
+- https://www.secrss.com/articles/9942
+- https://blog.csdn.net/blackorbird/article/details/102462546
+- https://www.4hou.com/posts/3jRO
+- https://nosec.org/home/detail/2490.html
diff --git a/CVE-2019-1132/README.md b/CVE-2019-1132/README.md
index f74547e..5515565 100644
--- a/CVE-2019-1132/README.md
+++ b/CVE-2019-1132/README.md
@@ -25,7 +25,11 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1132 - -
+#### 分析文档
+- https://zhuanlan.zhihu.com/p/335166796
+- https://ti.qianxin.com/blog/articles/buhtrap-cve-2019-1132-attack-event-related-vulnerability-sample-analysis/
+- https://www.welivesecurity.com/2019/07/10/windows-zero-day-cve-2019-1132-exploit/
+- https://www.anquanke.com/post/id/181794
 #### 代码来源
diff --git a/CVE-2019-1388/README.md b/CVE-2019-1388/README.md
index f8154c8..52377a7 100644
--- a/CVE-2019-1388/README.md
+++ b/CVE-2019-1388/README.md
@@ -42,4 +42,8 @@ https://github.com/Ascotbe/WindowsKernelExploits/blob/master/CVE-2019-1388/HHUPD
 测试系统Windows 7 SP1 x64
-![1](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/2.gif?raw=true)
\ No newline at end of file
+![1](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/2.gif?raw=true)
+
+#### 分析文章
+- http://blog.leanote.com/post/snowming/38069f423c76
+- https://mp.weixin.qq.com/s/q4UICIVwC4HX-ytvWo8Dvw
\ No newline at end of file
diff --git a/CVE-2019-1458/README.md b/CVE-2019-1458/README.md
index 2565d7f..ae4b30e 100644
--- a/CVE-2019-1458/README.md
+++ b/CVE-2019-1458/README.md
@@ -39,4 +39,9 @@ cve-2019-1458.exe
 测试系统Windows 7 SP1 x64 ,直接上GIF图
-![11](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/3.gif?raw=true)
\ No newline at end of file
+![11](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/3.gif?raw=true)
+
+#### 分析文章
+- https://github.com/piotrflorczyk/cve-2019-1458_POC
+- https://bbs.pediy.com/thread-260268.htm
+- https://thunderjie.github.io/2020/03/21/CVE-2019-1458-%E4%BB%8E-%E6%BC%8F%E6%B4%9E%E6%8A%A5%E5%91%8A-%E5%88%B0POC%E7%9A%84%E7%BC%96%E5%86%99%E8%BF%87%E7%A8%8B/
\ No newline at end of file
diff --git a/CVE-2020-0668/README.md b/CVE-2020-0668/README.md
index 01ae6ce..ab44d00 100644
--- a/CVE-2020-0668/README.md
+++ b/CVE-2020-0668/README.md
@@ -41,7 +41,10 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0668 - -
+#### 分析文章
+- https://www.anquanke.com/post/id/199011
+- https://www.freebuf.com/vuls/227557.html
+- https://itm4n.github.io/cve-2020-0668-windows-service-tracing-eop/
 #### 代码来源
diff --git a/CVE-2020-0787/README.md b/CVE-2020-0787/README.md
index 72da56b..2123ce3 100644
--- a/CVE-2020-0787/README.md
+++ b/CVE-2020-0787/README.md
@@ -50,6 +50,10 @@ BitsArbitraryFileMoveExploit.exe
 ![1](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/1.gif?raw=true)
+#### 分析文章
+- https://f5.pm/go-28382.html
+- https://itm4n.github.io/cve-2020-0787-windows-bits-eop/
+- https://xz.aliyun.com/t/7935
 #### 项目来源
diff --git a/CVE-2020-0796/README.md b/CVE-2020-0796/README.md
index d787e5c..d758905 100644
--- a/CVE-2020-0796/README.md
+++ b/CVE-2020-0796/README.md
@@ -45,7 +45,14 @@ Get-FileHash -Path c:/windows/system32/drivers/srv2.sys
 ![1](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/6.gif?raw=true)
-
+#### 分析文章
+- https://paper.seebug.org/1168/
+- https://www.freebuf.com/column/230770.html
+- https://jcxp.github.io/2020/03/31/CVE-2020-0796-SMB%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/
+- https://www.cnblogs.com/potatsoSec/p/12484973.html
+- https://blog.csdn.net/RatOnSea/article/details/106399450
+- https://blogs.360.cn/post/CVE-2020-0796.html
+- https://zhuanlan.zhihu.com/p/133460472
 #### 项目来源
diff --git a/CVE-2020-1034/README.md b/CVE-2020-1034/README.md
index b02db8e..efd9d04 100644
--- a/CVE-2020-1034/README.md
+++ b/CVE-2020-1034/README.md
@@ -38,7 +38,13 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1034 - -
+#### 分析文章
+- https://windows-internals.com/exploiting-a-simple-vulnerability-in-35-easy-steps-or-less
+- https://windows-internals.com/exploiting-a-simple-vulnerability-part-1-5-the-info-leak/
+- https://windows-internals.com/exploiting-a-simple-vulnerability-part-2-what-if-we-made-exploitation-harder/
+- https://cloud.tencent.com/developer/article/1750818
+- https://www.4hou.com/posts/Np4N
+- https://www.anquanke.com/post/id/223724
diff --git a/CVE-2020-1054/README.md b/CVE-2020-1054/README.md
index 1df8343..64cd5de 100644
--- a/CVE-2020-1054/README.md
+++ b/CVE-2020-1054/README.md
@@ -55,6 +55,11 @@ cargo build --release
 ![CVE-2020-1054](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2020-1054_windows_7_x64.gif?raw=true)
+#### 分析文章
+- https://www.anquanke.com/post/id/209329
+- https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458334073&idx=1&sn=d8ffd415a148aac507b0173eb906badb&chksm=b18003f386f78ae5c76971e993f42409a0c22fd52468949bf08436469e7456f4cc836ab9ba71&scene=21
+- https://bbs.pediy.com/thread-260884.htm
+
 #### 代码来源
 - [0xeb-bp](https://github.com/0xeb-bp/cve-2020-1054)
\ No newline at end of file
diff --git a/CVE-2020-1472/README.md b/CVE-2020-1472/README.md
index 70a5854..9a68db6 100644
--- a/CVE-2020-1472/README.md
+++ b/CVE-2020-1472/README.md
@@ -122,6 +122,12 @@ python3 CVE-2020-1472_RestoreOriginalPassword.py dc 192.168.183.171 d4ac5a73fd3f
 ![image-20201002212122966](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2020-1472_restore_original_password.png?raw=true)
+#### 分析文章
+- https://xz.aliyun.com/t/8367
+- https://www.freebuf.com/articles/system/249860.html
+- https://www.freebuf.com/vuls/249813.html
+- https://cert.360.cn/report/detail?id=2e904ef9ac96834a3dd7fc058cea4fe5
+
 #### 项目来源
 - 扫描脚本:[SecuraBV](https://github.com/SecuraBV/CVE-2020-1472)
diff --git a/CVE-2020-16898/README.md b/CVE-2020-16898/README.md
index d7e32bd..5fe0ad2 100644
--- a/CVE-2020-16898/README.md
+++ b/CVE-2020-16898/README.md
@@ -41,6 +41,12 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1689
 ![4](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2020-16898_win_10_1709.gif?raw=true)
+#### 分析文章
+- https://www.anquanke.com/post/id/220862
+- https://bestwing.me/CVE-2020-15898-analysis.html
+- http://www.v4ler1an.com/2020/10/cve-2020-16898/
+- https://cert.360.cn/report/detail?id=771d8ddc2d703071d5761b6a2b139793
+
 #### 脚本来源
 - 蓝屏脚本:[momika233](https://github.com/momika233/CVE-2020-16898-exp)
diff --git a/CVE-2020-17087/README.md b/CVE-2020-17087/README.md
index e692246..f2b2a3b 100644
--- a/CVE-2020-17087/README.md
+++ b/CVE-2020-17087/README.md
@@ -109,3 +109,6 @@ return 0; } ```
+#### 分析文章
+- https://blog.csdn.net/weixin_43815930/article/details/114123728
+- https://www.anquanke.com/post/id/221964
\ No newline at end of file
diff --git a/CVE-2021-1732/README.md b/CVE-2021-1732/README.md
index 90d7478..d4c01c1 100644
--- a/CVE-2021-1732/README.md
+++ b/CVE-2021-1732/README.md
@@ -35,6 +35,13 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1732
 ![1](https://github.com/Ascotbe/Random-img/blob/master/WindowsKernelExploits/CVE-2021-1732_windows_10_1909_x64.gif?raw=true)
+#### 分析文章
+- https://www.freebuf.com/vuls/270295.html
+- https://021w.github.io/2021/03/12/CVE-2021-1732Win32kfull-sys%E5%86%85%E6%A0%B8%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/
+- https://laptrinhx.com/shen-ru-pou-xicve-2021-1732lou-dong-1153028117/
+- https://bbs.pediy.com/thread-266362.htm
+- https://www.secrss.com/articles/29758
+
 #### 代码来源
 - [KaLendsi](https://github.com/KaLendsi/CVE-2021-1732-Exploit)
\ No newline at end of file