Summary of Historical Vulnerabilities and PoCs for Windows Domain Penetration Testing

admin, April 9, 2022 16:40:47, Security Articles

MS14-068(CVE-2014-6324)

Kerberos checksum vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2014-6324

EXP/POC:

https://github.com/abatchy17/WindowsExploits/tree/master/MS14-068

CVE-2020-1472

Netlogon elevation of privilege vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2020-1472

EXP/POC:

https://github.com/blackarrowsec/redteam-research/tree/master/CVE-2020-1472

CVE-2021-42287 & CVE-2021-42278

Windows domain services privilege escalation vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2021-42287

https://nvd.nist.gov/vuln/detail/CVE-2021-42278

EXP/POC:

https://github.com/WazeHell/sam-the-admin

https://github.com/cube0x0/noPac

CVE-2019-1040

Microsoft Windows NTLM authentication vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2019-1040

https://paper.seebug.org/962/

EXP/POC:

https://github.com/Ridter/CVE-2019-1040

CVE-2018-8581

Microsoft Exchange arbitrary user impersonation vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2018-8581

EXP/POC:

https://github.com/Ridter/Exchange2domain

CVE-2020-0688

Microsoft Exchange deserialization RCE

https://nvd.nist.gov/vuln/detail/CVE-2020-0688

EXP/POC:

https://github.com/zcgonvh/CVE-2020-0688

CVE-2021-1675

Windows Print Spooler privilege escalation vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2021-1675

EXP/POC:

https://github.com/cube0x0/CVE-2021-1675

CVE-2021-26855/CVE-2021-27065

Exchange ProxyLogon remote code execution vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2021-26855

https://nvd.nist.gov/vuln/detail/CVE-2021-27065

EXP/POC:

https://github.com/hausec/ProxyLogon

CVE-2020-17144

Microsoft Exchange remote code execution vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2020-17144

EXP/POC:

https://github.com/Airboi/CVE-2020-17144-EXP

CVE-2020-16875

Microsoft Exchange remote code execution vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2020-16875

EXP/POC:

https://srcincite.io/pocs/cve-2020-16875.py.txt

CVE-2021-34473

Exchange ProxyShell SSRF

https://nvd.nist.gov/vuln/detail/CVE-2021-34473

EXP/POC:

https://github.com/dmaasland/proxyshell-poc

CVE-2021-33766

Exchange ProxyToken information disclosure vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2021-33766

EXP/POC:

https://github.com/bhdresh/CVE-2021-33766-ProxyToken

Reposted from: http://uuzdaisuki.com/

Author: Leticia's

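Originally published on the WeChat official account 渗透测试教程: Summary of Historical Vulnerabilities and PoCs for Windows Domain Penetration Testing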

Published by admin on April 9, 2022 16:40:47. When reposting, please keep this article's link (CN-SEC中文网): http://cn-sec.com/archives/889266.html