windows域渗透历史漏洞汇总POC
MS14-068(CVE-2014-6324)
Kerberos 校验和漏洞
https://nvd.nist.gov/vuln/detail/CVE-2014-6324
EXP/POC:
https://github.com/abatchy17/WindowsExploits/tree/master/MS14-068
CVE-2020-1472
Netlogon 特权提升漏洞
https://nvd.nist.gov/vuln/detail/CVE-2020-1472
EXP/POC:
https://github.com/blackarrowsec/redteam-research/tree/master/CVE-2020-1472
CVE-2021-42287&42278
Windows 域服务权限提升漏洞
https://nvd.nist.gov/vuln/detail/CVE-2021-42287
https://nvd.nist.gov/vuln/detail/CVE-2021-42278
EXP/POC:
https://github.com/WazeHell/sam-the-admin
https://github.com/cube0x0/noPac
CVE-2019-1040
Microsoft Windows NTLM 认证漏洞
https://nvd.nist.gov/vuln/detail/CVE-2019-1040
https://paper.seebug.org/962/
EXP/POC:
https://github.com/Ridter/CVE-2019-1040
CVE-2018-8581
Microsoft Exchange 任意用户伪造漏洞
https://nvd.nist.gov/vuln/detail/CVE-2018-8581
EXP/POC:
https://github.com/Ridter/Exchange2domain
CVE-2020-0688
Microsoft Exchange 反序列化 RCE
https://nvd.nist.gov/vuln/detail/CVE-2020-0688
EXP/POC:
https://github.com/zcgonvh/CVE-2020-0688
CVE-2021-1675
Windows Print Spooler 权限提升漏洞
https://nvd.nist.gov/vuln/detail/CVE-2021-1675
EXP/POC:
https://github.com/cube0x0/CVE-2021-1675
CVE-2021-26855/CVE-2021-27065
Exchange ProxyLogon 远程代码执行漏洞
https://nvd.nist.gov/vuln/detail/CVE-2021-26855
https://nvd.nist.gov/vuln/detail/CVE-2021-27065
EXP/POC:
https://github.com/hausec/ProxyLogon
CVE-2020-17144
Microsoft Exchange 远程代码执行漏洞
https://nvd.nist.gov/vuln/detail/CVE-2020-17144
EXP/POC:
https://github.com/Airboi/CVE-2020-17144-EXP
CVE-2020-16875
Microsoft Exchange 远程代码执行漏洞
https://nvd.nist.gov/vuln/detail/CVE-2020-16875
EXP/POC:
https://srcincite.io/pocs/cve-2020-16875.py.txt
CVE-2021-34473
Exchange ProxyShell SSRF
https://nvd.nist.gov/vuln/detail/CVE-2021-34473
EXP/POC:
https://github.com/dmaasland/proxyshell-poc
CVE-2021-33766
Exchange ProxyToken 信息泄露漏洞
https://nvd.nist.gov/vuln/detail/CVE-2021-33766
EXP/POC:
https://github.com/bhdresh/CVE-2021-33766-ProxyToken
转自:http://uuzdaisuki.com/
作者:Leticia's
侵权删
