受漏洞影響版本:
Windows 10 Version 1903 for 32-bit Systems
Windows 10 Version 1903 for ARM64-based Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows Server, version 1903 (Server Core installation)
Windows Server, version 1909 (Server Core installation)
靶機環境:
win+r輸入winver檢視版本資訊
![](https://img.laitimes.com/img/9ZDMuAjOiMmIsIjOiQnIsICM38FdsYkRGZkRG9lcvx2bjxiNx8VZ6l2cs0TPB1keVRkTykFROBDOsJGcohVYsR2MMBjVtJWd0ckW65UbM5WOHJWa5kHT20ESjBjUIF2X0hXZ0xCMx81dvRWYoNHLrdEZwZ1Rh5WNXp1bwNjW1ZUba9VZwlHdssmch1mclRXY39CXldWYtlWPzNXZj9mcw1ycz9WL49zZuBnL4ATOzEzMwATM1ETNwAjMwIzLc52YucWbp5GZzNmLn9Gbi1yZtl2Lc9CX6MHc0RHaiojIsJye.png)
win+r輸入appwiz.cpl檢視更新更新檔包若有KB4551762将其解除安裝
關閉防火牆
複現:
下載下傳檢測代碼:
D:\SMBGhost-master\SMBGhost-master>python scanner.py 192.168.31.150
192.168.31.11 vulnerable.
下載下傳poc
//執行
D:\CVE-2020-0796-PoC-master\CVE-2020-0796-PoC-master>python CVE-2020-0796.py 192.168.31.11
靶機藍屏
//提權exe
https://github.com/f1tz/CVE-2020-0796-LPE-EXP