Mirrors_BOOKS/Penetration_Testing_POC
1
0
Fork 0
mirror of https://github.com/Mr-xn/Penetration_Testing_POC.git synced 2026-05-09 14:27:36 +08:00
Code Issues Actions 9 Packages Projects Releases Wiki Activity

upload img md rb file

Browse Source
This commit is contained in:
mr-xn
2019-08-20 12:12:55 +08:00
parent a9b79f18bf
commit de7349e0fb
8 changed files with 253 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
IIS/CVE-2017-7269-Echo-PoC/1.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 50 KiB

IIS/CVE-2017-7269-Echo-PoC/2.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 32 KiB

IIS/CVE-2017-7269-Echo-PoC/3.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 32 KiB

IIS/CVE-2017-7269-Echo-PoC/4.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 82 KiB

IIS/CVE-2017-7269-Echo-PoC/5.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 75 KiB

IIS/CVE-2017-7269-Echo-PoC/cve-2017-7269.rb
+77
View File
File diff suppressed because one or more lines are too long
IIS/CVE-2017-7269-Echo-PoC/readme.md
+8 -2
View File
@@ -2,14 +2,20 @@
### CVE-2017-7269 远程代码执行回显验证
---
我们团队对此次 CVE-2017-7269 漏洞的分析报告: https://ht-sec.org/cve-2017-7269-vulnerabilities/
我们团队对此次 CVE-2017-7269(IIS6-0远程命令执行漏洞) 漏洞的分析报告: https://ht-sec.org/cve-2017-7269-vulnerabilities/
默认PoC 只能弹`calc.exe` ,现在修改成可以响应请求,命令格式为:<br/>
CVE-2017-7269_remote_echo.py ip_address port
`CVE-2017-7269_remote_echo.py ip_address port`
<br/>
### 利用条件
- iis6.0
- 开启WebDav功能(具体为PROPFIND方法,成功则返回207或者200)
- windows server 2003 R2
效果如下:<br/>
![](./example.png)
IIS/CVE-2017-7269-Echo-PoC/详细信息.md
+168
View File
File diff suppressed because one or more lines are too long