bozhihouc/MS17-010
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update README.md

Browse Source
This commit is contained in:
worawit
2017-07-11 22:53:07 +07:00
parent 2c39ef8c61
commit abfa89dc31
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
README.md
View File

@@ -5,6 +5,7 @@ This repository is for public my work on MS17-010. I have no plan to do any supp
## Files
* **BUG.txt** MS17-010 bug detail and some analysis
* **checker.py** Script for finding accessible named pipe
* **eternalblue_exploit7.py** Eternalblue exploit for windows 7/2008
* **eternalblue_exploit8.py** Eternalblue exploit for windows 8/2012 x64
* **eternalblue_poc.py** Eternalblue PoC for buffer overflow bug
@@ -22,14 +23,14 @@ This repository is for public my work on MS17-010. I have no plan to do any supp
* **infoleak_uninit.py** PoC for leaking info from uninitialized transaction data buffer
* **mysmb.py** Extended Impacket SMB class for easier to exploit MS17-010 bugs
* **npp_control.py** PoC for controlling nonpaged pool allocation with session setup command
* **zzz_exploit.py** Exploit for Windows7 and later (x64 only and requires access to named pipe)
* **zzz_exploit.py** Exploit for Windows7 and later (requires access to named pipe)
## Anonymous user
Anonymous user (null session) get more restriction on default settings of new Windows version. To exploit Windows SMB without authentication, below behavior should be aware.
* Since Windows Vista (maybe Windows 2003 SPx), default settings does not allow anonymous to access any named pipe
* Since Windows Vista, default settings does not allow anonymous to access any named pipe
* Since Windows 8, default settings does not allow anonymous to access IPC$ share (IPC$ might be acessible but cannot do much)