CVE-2020-0796 - CVE-2020-0796 Pre-Auth POC
(c) 2020 ZecOps, Inc. - https://www.zecops.com - Find Attackers' Mistakes
POC to check for CVE-2020-0796 / "SMBGhost"
Expected outcome: Blue Screen
Intended only for educational and testing in corporate environments.
ZecOps takes no responsibility for the code, use at your own risk.
Please contact [email protected] if you are interested in agent-less DFIR tools for Servers, Endpoints, and Mobile Devices to detect SMBGhost and other types of attacks automatically.
Usage
CVE-2020-0796-POC.exe [<TargetServer>]
If <TargetServer>
is omitted, the POC is executed on localhost (127.0.0.1
).
You can get the compiled POC here.
Compiling
Use Visual Studio to compile the following projects:
ProtoSDK\Asn1Base\Asn1Base.csproj
ProtoSDK\MS-XCA\Xca.csproj
ProtoSDK\MS-SMB2\Smb2.sln
Use the resulting exe file to run the POC.
References
- Vulnerability Reproduction: CVE-2020-0796 POC - ZecOps Blog
- CVE-2020-0796 - Microsoft Security Response Center
- SMBGhost Analysis - Lucas Georges
![CVE-2020-0796 - CVE-2020-0796 Pre-Auth POC](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6OjDkCzgORBgU22KsWlc5QMeps6-guNe2lVsEQXmb0jOROZ99oBVKxrgGI67Pf1_3uXSEL0nA0En_KPpo1dNNWQN_bx38dLvQe4QbeLw6iM-qZvL_w_ZMR3XrL60_fvrnG5CFVoFJCane/s72-c/CVE-2020-0796-POC_1_demo.gif)