n1xbyte / cve-2019-0708
dump
I don't understand what channum means.
Patched Windows Server 2008 R2 with KB2667402,
then ran crashexploit.py.
The host is OK.
So this fake PoC!!! is NOT a CVE-2019-0708 PoC.
How to solve it?
"Going to drop the crash PoC here Friday if there isn't one public already... Maybe the following week, depending on if the vulnerable numbers drop consistently or not.
Crash PoC on all affected platforms 32/64"
It's actually really hilarious that people nowadays don't even understand why you put multiple \x41 (AAAAAAAAAAAAAAAAAAA...) in a heap, lol. BTW: The thing you did with the channum and the multiplication for the padding to make sure that the stack pointer lands on that free after use heap is absolutely genius, congratulations.
No worries, I'll not release anything, but don't you think it's way funnier to see that the biggest part of the people don't have any idea about how a stack pointer works?
As the title.
Thanks again.
Hi,
your code is hitting the vulnerable path of termdd.sys, but the 3rd parameter of the IcaBindChannel function seems to be fixed at int64(3) or int64(4) while running your code.
According to the public information, the 3rd parameter should be controlled if we want to exploit this bug.
Any idea?
OpenSSL.SSL.SysCallError: (104, 'ECONNRESET')
I am new to Python. I reviewed the code and everything looked like it would be fine to run. I was testing against a machine I thought was vulnerable still on my network but I wasn't seeing anything happen. I got frustrated and started hitting a range on my network. Our IT help desk started getting calls from users that their computers were blue screening. I stopped the script from running but it made it to several subnets and unknown how many machines.
Can someone please help verify that there was no malware sent with the commands? I think it was only causing the blue screen issue and nothing else.
This is only one PoC which triggers the memory corruption.
For other PoCs, most of them didn't even finish sending the "font list PDU", and they call it a crash PoC or part of a working exploit?
Nice work bro, I guess it needs more bytes in Virtual Channel PDU to cover more memory.
How to deal with it? Can someone help me?
This is what I get when I run it on a vulnerable system
Traceback (most recent call last):
  File "crashpoc.py", line 194, in <module>
    main(sys.argv)
  File "crashpoc.py", line 158, in main
    tls = send_init_packets(args[1])
  File "crashpoc.py", line 71, in send_init_packets
    tls.do_handshake()
  File "/usr/lib/python2.7/dist-packages/OpenSSL/SSL.py", line 1915, in do_handshake
    self._raise_ssl_error(self._ssl, result)
  File "/usr/lib/python2.7/dist-packages/OpenSSL/SSL.py", line 1639, in _raise_ssl_error
    raise SysCallError(errno, errorcode.get(errno))
OpenSSL.SSL.SysCallError: (104, 'ECONNRESET')