关联漏洞
标题:
Microsoft Windows WebDAV 特权提升漏洞
(CVE-2016-0051)
描述:Microsoft Windows是美国微软(Microsoft)公司发布的一系列操作系统。WebDAV client是其中的一款Web分布式创作和版本控制客户端。 Microsoft Windows的WebDAV客户端中存在特权提升漏洞,该漏洞源于程序没有正确验证输入。本地攻击者可利用该漏洞使用提升的特权执行任意代码。以下版本受到影响:Microsoft Windows Vista SP2,Windows Server 2008 SP2和R2 SP1,Windows 7 SP1,Windows 8.1,
介绍
Proof-of-concept BSoD (Blue Screen of Death) and Elevation of Privilege (to SYSTEM) code for my CVE-2016-0051 (MS-016).
vulnerabilty poc auhor: koczkatamas
https://twitter.com/koczkatamas
Original code: https://github.com/koczkatamas/CVE-2016-0051
Thanks to koczkatamas
this PoC will run from CMD and the shell will spwan in the same CMD -pid-
Please refer to the link above for further information
<img src="https://i.gyazo.com/7cdc95001e67c5ce55ff53fb917f47f2.png" img>
this repo contains the sources code for windows 7 PoC, also they already compiled if you have trouble
copy EoP.exe and Shellcode.dll to Win7 machine, run the exploit
got sys?
https://twitter.com/hex00r
You can find both exploits on Exploit-db
1) koczkatamas
https://www.exploit-db.com/exploits/39432/
2) hex0r
https://www.exploit-db.com/exploits/39788/
Compiled with VS
C#
文件快照
[4.0K] /data/pocs/6ea9874a22105ac55c5f27118cdb23b575264e6e
├── [8.7K] compiled.zip
├── [ 10M] EoP.zip
└── [ 862] README.md
0 directories, 3 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。