漏洞平台

POC详情： 8b37a3c7152497d6b9bc2243fcfc6fcf3b1c6252

来源

https://github.com/koczkatamas/CVE-2016-0051

关联漏洞

标题： Microsoft Windows WebDAV 特权提升漏洞 (CVE-2016-0051)
描述：Microsoft Windows是美国微软（Microsoft）公司发布的一系列操作系统。WebDAV client是其中的一款Web分布式创作和版本控制客户端。 Microsoft Windows的WebDAV客户端中存在特权提升漏洞，该漏洞源于程序没有正确验证输入。本地攻击者可利用该漏洞使用提升的特权执行任意代码。以下版本受到影响：Microsoft Windows Vista SP2，Windows Server 2008 SP2和R2 SP1，Windows 7 SP1，Windows 8.1，

描述

EoP (Win7) & BSoD (Win10) PoC for CVE-2016-0051 (MS-016)

介绍

# CVE-2016-0051
Proof-of-concept BSoD (Blue Screen of Death) and Elevation of Privilege (to SYSTEM) code for my CVE-2016-0051 (MS-016).

### EoP to SYSTEM on Windows 7 SP1 x86

![Elevation of Privilege on Windows 7 x86 before the patch](eop_win7x86.gif)

### BSoD on a Windows 10 x64

![Crash on a Windows 10 x64 before the patch](bsod_win10x64.gif)

### Links

* [Microsoft Security Bulletin MS16-016](https://technet.microsoft.com/en-us/library/security/ms16-016.aspx)
* [Microsoft Acknowledgements page](https://technet.microsoft.com/library/security/mt674627.aspx)
* [A variant of this PoC where the shell will be spawn in the same CMD](https://github.com/hexx0r/CVE-2016-0051) by hexx0r

### Timeline

* 2015.09.18. Vulnerability found
* 2015.09.24. Reported to MSRC (Microsoft Security Response Center) with this proof-of-concept code
* 2015.09.25. MSRC filed the report, provided point of contact information and sent the info to their analysts
* 2015.09.30. MSRC reproduced the issue, started to investigate whether they will fix it or not
* 2015.10.16. MSRC confirmed that it is exploitable and that they will fix in an upcoming patch release, asked for acknowledgement information
* 2016.02.09. Vulnerability fixed in the 2016 February Patch Tuesday update
* 2016.02.09. BSoD PoC published here
* 2016.02.11. MSRC confirmed to me that they fixed the vulnerability
* 2016.02.15. EoP published here

### Details

TODO

文件快照


 [4.0K]  /data/pocs/8b37a3c7152497d6b9bc2243fcfc6fcf3b1c6252
├── [4.0K]  BSoD
│   ├── [4.0K]  BSoD
│   │   ├── [ 182]  App.config
│   │   ├── [2.4K]  BSoD.csproj
│   │   ├── [4.8K]  Program.cs
│   │   └── [4.0K]  Properties
│   │       └── [1.4K]  AssemblyInfo.cs
│   └── [ 959]  BSoD.sln
├── [ 11K]  BSoD.exe
├── [1.2M]  bsod_win10x64.gif
├── [4.0K]  EoP
│   ├── [4.0K]  EoP
│   │   ├── [ 151]  App.config
│   │   ├── [3.4K]  EoP.csproj
│   │   ├── [ 11K]  Program.cs
│   │   └── [4.0K]  Properties
│   │       └── [1.3K]  AssemblyInfo.cs
│   ├── [2.8K]  EoP.sln
│   └── [4.0K]  Shellcode
│       ├── [3.7K]  Shellcode.cpp
│       ├── [7.4K]  Shellcode.vcxproj
│       ├── [ 940]  Shellcode.vcxproj.filters
│       └── [ 162]  Shellcode.vcxproj.user
├── [1.9M]  eop_win7x86.gif
├── [8.5K]  EoP.zip
└── [1.4K]  README.md

7 directories, 19 files

神龙机器人已为您缓存

备注

1. 建议优先通过来源进行访问。

2. 如果因为来源失效或无法访问，请发送邮箱到 f.jinxu#gmail.com 索取本地快照（把 # 换成 @）。

3. 神龙已为您对POC代码进行快照，为了长期维护，请考虑为本地POC付费，感谢您的支持。