域渗透历史漏洞汇总
MS14-068(CVE-2014-6324)
Kerberos 校验和漏洞
https://nvd.nist.gov/vuln/detail/CVE-2014-6324
EXP/POC:
https://github.com/abatchy17/WindowsExploits/tree/master/MS14-068
CVE-2020-1472
Netlogon特权提升漏洞
https://nvd.nist.gov/vuln/detail/CVE-2020-1472
EXP/POC:
https://github.com/blackarrowsec/redteam-research/tree/master/CVE-2020-1472
CVE-2021-42287&42278
Windows域服务权限提升漏洞
https://nvd.nist.gov/vuln/detail/CVE-2021-42287
https://nvd.nist.gov/vuln/detail/CVE-2021-42278
EXP/POC:
https://github.com/WazeHell/sam-the-admin
https://github.com/cube0x0/noPac
CVE-2019-1040
Microsoft Windows NTLM认证漏洞
https://nvd.nist.gov/vuln/detail/CVE-2019-1040
EXP/POC:
https://github.com/Ridter/CVE-2019-1040
CVE-2018-8581
Microsoft Exchange任意用户伪造漏洞
https://nvd.nist.gov/vuln/detail/CVE-2018-8581
EXP/POC:
https://github.com/Ridter/Exchange2domain
CVE-2020-0688
Microsoft Exchange 反序列化RCE
https://nvd.nist.gov/vuln/detail/CVE-2020-0688
EXP/POC:
https://github.com/zcgonvh/CVE-2020-0688
CVE-2021-1675
Windows Print Spooler权限提升漏洞
https://nvd.nist.gov/vuln/detail/CVE-2021-1675
EXP/POC:
https://github.com/cube0x0/CVE-2021-1675
CVE-2021-26855/CVE-2021-27065
Exchange ProxyLogon远程代码执行漏洞
https://nvd.nist.gov/vuln/detail/CVE-2021-26855
https://nvd.nist.gov/vuln/detail/CVE-2021-27065
EXP/POC:
https://github.com/hausec/ProxyLogon
CVE-2020-17144
Microsoft Exchange 远程代码执行漏洞
https://nvd.nist.gov/vuln/detail/CVE-2020-17144
EXP/POC:
https://github.com/Airboi/CVE-2020-17144-EXP
CVE-2020-16875
Microsoft Exchange 远程代码执行漏洞
https://nvd.nist.gov/vuln/detail/CVE-2020-16875
EXP/POC:
https://srcincite.io/pocs/cve-2020-16875.py.txt
CVE-2021-34473
Exchange ProxyShell SSRF
https://nvd.nist.gov/vuln/detail/CVE-2021-34473
EXP/POC:
https://github.com/dmaasland/proxyshell-poc
CVE-2021-33766
Exchange ProxyToken 信息泄露漏洞
https://nvd.nist.gov/vuln/detail/CVE-2021-33766
EXP/POC:
本博客所有文章除特别声明外,均采用 CC BY-SA 4.0 协议 ,转载请注明出处!