Git Product home page Git Product logo

poc-cve-2022-26809's Introduction

PoC-CVE-2022-26809

PoC for CVE-2022-26809, analisys and considerations are shown in the github.io.

The PoC has been writtin overriding Impacket functions.

Tested with: impacket version 0.10.0

The PoC has not been fully tested, because it should trigger the vulnerability, i.e integer overflow, that leads to a buffer overflow on the heap is reached after 1048576 packets sent, because 1048576*4096 overflow integer of 32 bits.

Did not found any way to cheat on the size, to me seems that fragment len, that is 16 bits, is checked against the real payload size, they must be coherent.

Limitations:

  1. Memory - the mem allocation could fail since the requested must reach 4GB before gaining the overflow, at least this is what I
  2. Time - Assuming that the memory is not a problem, i.e. there is sufficient memory in the system and so the allocation could not fail, the overflow is reached, anyway, after a lot of time this is due because the packet's number to send is big and because the processing time of the data increase basing to the memory used.

The project contains the vulnerable and patched version of the rpcrt dll and the RPC Server is here: RPC Server

Finally, I wrote the PoC at the end of an analisys just to challenge my self and learn a bit more about RPC implementation.

The analisys that led me to write this PoC is on my GithubPages

poc-cve-2022-26809's People

Contributors

s1ckb017 avatar

Stargazers

avatar topanga avatar s3 avatar Huy (Valen) Võ avatar avatar avatar avatar XiaoliChan avatar avatar avatar Michael Cade avatar avatar avatar SovereignComrade avatar Francisco Díaz avatar Erik avatar avatar Nymph avatar YangHaoi avatar Max01203 avatar avatar avatar MyriaBreak avatar 08174 avatar boy1337 avatar Marco avatar Shiv4x6c avatar Lay0us avatar oldkingcone avatar avatar An00byss avatar WtZ avatar avatar avatar 5l1v3r1 avatar yoon jaeheng avatar avatar StaticBunny avatar henhao avatar 98Kstar avatar chris avatar Oliver Techman avatar avatar Cristiano Nunes avatar 爱可可-爱生活 avatar avatar avatar LSA avatar avatar JeffyLapter avatar X avatar avatar xrkk avatar Tommy Wu avatar avatar Chris Kuethe avatar avatar avatar Oleg Petrakov avatar Wayc0de avatar Rafael avatar avatar th0rn5 avatar avatar Filipe João Mendes Rosa avatar avatar Ryota Sakai avatar exp-sky avatar Tony Yang avatar Gionne Cannister avatar Aleksei Kulaev avatar 5gyTwv8RpYZd5jE0J0QJx4WHG4e6oRRcDqIcREq2zxnuu8CMfhxFhsusSStlq3ibELlqRTVWsxulfHzV2K0EQb9xjtuPzNjnvVW avatar avatar avatar avatar Curtis Houghton avatar busterdomo avatar biubiu avatar avatar SYAFIX avatar innxrmxst avatar Isaiah Halsey avatar ICheer_No0M avatar Aniket Mishra avatar Dogman avatar Eliseo avatar Sam Paredes avatar PikaChu avatar avatar Lays avatar Langly avatar avatar avatar avatar Z3r0_TwO avatar avatar beerandgin avatar avatar avatar avatar

Watchers

avatar boy1337 avatar 0x24bin avatar Filipe João Mendes Rosa avatar AxzHandul avatar

Forkers

pirenga polling-repo-continua hxlxmjxbbxs 0xsojalsec amit-pathak009 gavz crackercat t-seclab exploitsfuzzer dunggau nanaao knooow jeffchan69 wayc0des-land startagain2016 olivertechman babaah askyeye musabismail dk47os3r 5l1v3r1 bb33bb l0vecoffee gmh5225 developer191 f0xmulder cesarsilence cpt-jack-a-castle werwolfz

poc-cve-2022-26809's Issues

Authentication issue when running POC

Thank you for your work. I have been testing this and I have run into an issue with authentication. A few questions on this:

  • The original CVE description implied this did not require authentication. Is that not the case?
  • Are legit credentials required? What if legit credentials are not available — can the POC still succeed?

Thanks, Axz

What is the nature of the UUID parameter?

Thank you for your work. I have been testing this and I have a question:

What is the nature of the third parameter to the Python program, the UUID? Can that be any valid UUID value, or is this some specific value, perhaps tied to something on the client machine, or the server machine? What should I use as that parameter value?

Thanks, Axz

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.