{"id":24697,"date":"2022-06-05T00:06:00","date_gmt":"2022-06-04T22:06:00","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=24697"},"modified":"2024-10-05T21:17:20","modified_gmt":"2024-10-05T19:17:20","slug":"riesige-sammlung-von-windows-exploits-auf-github","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2022\/06\/05\/riesige-sammlung-von-windows-exploits-auf-github\/","title":{"rendered":"Large collection of Windows exploits on GitHub"},"content":{"rendered":"

\"Sicherheit[German<\/a>]Microsoft patches numerous vulnerabilities in Windows (and other products) every month. Often known vulnerabilities, but not closed by updates, are used in attacks. The other day I came across a large collection of Windows vulnerabilities that can be exploited by various tools to manipulate privileges if necessary.<\/p>\n

<\/p>\n

\"\"I came across this issue via following tweet<\/a> by Nicolas Krassas. A user lyshark collects these vulnerabilities (Windows exploits) on this GitHub website.<\/p>\n

\"Collection<\/a><\/p>\n

These are vulnerabilities that have a CVE number and have long been known and patched by Microsoft. I took a look at the downloadable ZIP archive files. They are readme text files that contain the respective details about the vulnerable Windows versions. Some of the vulnerabilities refer to ancient Windows versions that have long since fallen out of support.<\/p>\n

The purpose is not yet clear to me, for example when I look at the details of CVE-2003-0352.<\/p>\n

### CVE-2003-0352<\/p>\n

#### \u63cf\u8ff0<\/p>\n

\u67d0\u4e9bRPC\u7684DCOM\u63a5\u53e3\u4e2d\u7684\u7f13\u51b2\u533a\u6ea2\u51fa\u4f7f\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u683c\u5f0f\u9519\u8bef\u7684\u6d88\u606f\u6267\u884c\u4efb\u610f\u4ee3\u7801<\/p>\n

#### \u5f71\u54cd\u7248\u672c<\/p>\n

| Product | CPU Architecture | Version | Update | Tested |
\n| ——————- | —————- | ——- | —— | —————— |
\n| Windows 2000 | | | | |
\n| Windows 2000 | | | SP1 | |
\n| Windows 2000 | | | SP2 | |
\n| Windows 2000 | | | SP3 | |
\n| Windows 2000 | | | SP4 | &#10004; |
\n| Windows Server 2003 | | R2 | | |
\n| Windows Nt | | | SP1 | |
\n| Windows Nt | | 4.0 | SP2 | |
\n| Windows Nt | | 4.0 | SP3 | |
\n| Windows Nt | | 4.0 | SP4 | |
\n| Windows Nt | | 4.0 | SP5 | |
\n| Windows Nt | | 4.0 | Sp6a | |
\n| Windows Nt | | 4.0 | SP6 | |
\n| Windows Xp | | | SP1 | |
\n| Windows Xp | | | Gold | |<\/p>\n

#### \u5229\u7528\u65b9\u5f0f<\/p>\n

\u6d4b\u8bd5\u7cfb\u7edfWindows 2000 SP4 x86<\/p>\n

\"`
\nuse exploit\/windows\/dcerpc\/ms03_026_dcom
\nset RHOST 192.168.1.17
\nrun
\n\"`<\/p>\n

![image-20200823200752021](https:\/\/raw.github.com\/Ascotbe\/Image\/master\/Kernelhub\/CVE-2003-0352_win2000_x86_msf.png)<\/p>\n

\u67e5\u770b\u7cfb\u7edf\u4fe1\u606f<\/p>\n

![CVE-2003-0352_win2000_x86_msf2](https:\/\/raw.github.com\/Ascotbe\/Image\/master\/Kernelhub\/CVE-2003-0352_win2000_x86_msf2.png)<\/p><\/blockquote>\n

What do people (probably from the Chinese area) want with these old CVEs?<\/p>\n","protected":false},"excerpt":{"rendered":"

[German]Microsoft patches numerous vulnerabilities in Windows (and other products) every month. Often known vulnerabilities, but not closed by updates, are used in attacks. The other day I came across a large collection of Windows vulnerabilities that can be exploited by … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,2],"tags":[69,194],"class_list":["post-24697","post","type-post","status-publish","format-standard","hentry","category-security","category-windows","tag-security","tag-windows"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/24697","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=24697"}],"version-history":[{"count":1,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/24697\/revisions"}],"predecessor-version":[{"id":35823,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/24697\/revisions\/35823"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=24697"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=24697"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=24697"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}