ASP.NET Core 1.0.1 has been released; this is the September 2016 patch update for ASP.NET Core.

You can find the issues fixed in each component of this release on the corresponding pages below:

  • Antiforgery

  • EntityFramework

  • KestrelHttpServer

  • Mvc

  • Routing

Other updates:

  • Microsoft Security Advisory 3181759: Vulnerabilities in ASP.NET Core View Components Could Allow Elevation of Privilege – aspnet 203

  • MVC updates for FIPS compliance – mvc 5103; Antiforgery 95

  • HTTP Verbs mapping error GET and DELETE – mvc 5038

  • ResponseBody and the corresponding stream is replicated in future requests in some cases – KestrelHttpServer 1028

  • Several Entity Framework Core updates

Security Advisory

  • Vulnerabilities in ASP.NET Core View Components Could Allow Elevation of Privilege (aspnet/Announcements#203)

Breaking Changes

  • There are no breaking changes in this release

Known Issues

  • There are no known issues in this release

  • Source code (zip)

  • Source code (tar.gz)

Release notes:

Reposted from: 开源中国社区 (OSChina)

1 Privilege-escalation auxiliary tool Windows-Exploit-Suggester

1.1 Introduction to Windows-Exploit-Suggester

1. Introduction

Windows-Exploit-Suggester is a privilege-escalation auxiliary tool developed under the inspiration of Linux_Exploit_Suggester. Its official download address:

2. How it works

Windows-Exploit-Suggester downloads the public Microsoft vulnerability (security bulletin) database to a local file named "<generation date>-mssb.xls", then compares it, according to the operating system version, against the file generated by systeminfo. The Microsoft public vulnerability database download address:

1.2 Using Windows-Exploit-Suggester

1. Download Windows-Exploit-Suggester, Python 3.3 and xlrd

Download address:

2. Local installation

Install the Python 3.3.3 build for your platform. After installation, copy xlrd-1.0.0.tar.gz into the Python 3.3.3 installation directory, extract it, and run setup.py install from the command prompt. Otherwise the first run shows no results and, as in Figure 1, prompts you to upgrade or install the xlrd library.

Figure 1: Prompt to install the xlrd library

3. Download the vulnerability database

The following command generates a "<generation date>-mssb.xls" file in the local folder; for example, running it generates 2017-03-20-mssb.xls. Publicly available write-ups stating that it generates 2017-03-20-mssb.xlsx are wrong. As shown in Figure 2, running the command "windows-exploit-suggester.py --update" generates the file 2017-03-20-mssb.xls.

Figure 2: Generating the vulnerability database file

4. Generate the system information file

Use the command "systeminfo > win7sp1-systeminfo.txt" to generate the file win7sp1-systeminfo.txt. In a real environment the generated file can be downloaded to the local machine for the comparison.

5. View the system's vulnerabilities

Use the command "windows-exploit-suggester.py --database 2017-03-20-mssb.xls --systeminfo win7sp1-systeminfo.txt" to view the high-risk vulnerabilities present on the system. Figure 3 shows the result for a Win7 system: MS14-026 is reported as having a usable PoC.

Figure 3: Viewing exploitable PoCs for Win7

6. View the help

Run windows-exploit-suggester.py -h to view the usage help.
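As an added illustration of the comparison described under "How it works" and in steps 3 to 5 (example code, not the tool's own), the snippet below parses a constructed systeminfo capture and diffs its hotfix list against a constructed excerpt of the bulletin table; the host, the bulletin rows and their product mapping are assumptions used only for illustration.

```python
import re

# Constructed systeminfo excerpt for a hypothetical Windows 7 SP1 host (not captured
# from any real machine); it follows the English-locale layout of `systeminfo` output.
SYSTEMINFO_SAMPLE = """\
Host Name:                 WIN7-TEST
OS Name:                   Microsoft Windows 7 Professional
OS Version:                6.1.7601 Service Pack 1 Build 7601
System Type:               x64-based PC
Hotfix(s):                 3 Hotfix(s) Installed.
                           [01]: KB2534111
                           [02]: KB3055642
                           [03]: KB976902
"""

# Constructed excerpt of a bulletin table: bulletin id, the KB article carrying the
# fix, and the product the row applies to. The product mapping is illustrative only.
BULLETINS = [
    {"id": "MS15-077", "kb": "3077657", "product": "Windows 7"},
    {"id": "MS15-051", "kb": "3057191", "product": "Windows 7"},
    {"id": "MS15-050", "kb": "3055642", "product": "Windows 7"},
    {"id": "MS09-043", "kb": "0000000", "product": "Windows Server 2003"},  # placeholder KB
]

def parse_systeminfo(text):
    """Return (os_name, installed_kb_numbers) from raw systeminfo output."""
    m = re.search(r"^OS Name:\s*(.+?)\s*$", text, re.M)
    os_name = m.group(1) if m else ""
    kbs = set(re.findall(r"\bKB(\d+)\b", text))  # every listed hotfix, e.g. KB3055642
    return os_name, kbs

def missing_bulletins(os_name, installed_kbs, bulletins=BULLETINS):
    """Bulletins that apply to this OS and whose fix KB is absent from the host.

    The match is exact on KB number: a later cumulative update that supersedes the
    listed KB is not recognised, and a systeminfo capture with an incomplete hotfix
    list makes patched bulletins appear missing. Treat the output as a starting
    point for verification, not a final patch-state verdict.
    """
    return [b["id"] for b in bulletins
            if b["product"] in os_name and b["kb"] not in installed_kbs]

def audit(systeminfo_text):
    """End-to-end check: parse the systeminfo file, then diff it against the table."""
    os_name, kbs = parse_systeminfo(systeminfo_text)
    return missing_bulletins(os_name, kbs)

if __name__ == "__main__":
    for bulletin_id in audit(SYSTEMINFO_SAMPLE):
        print(f"[*] {bulletin_id}: fix not installed")  # MS15-077, MS15-051
```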

1.3 Tips and advanced use

1. Remote overflow vulnerabilities

Generate the file with systeminfo on the target system and compare it; for example, to compare the system information generated for Win2003:

windows-exploit-suggester.py --database 2017-03-20-mssb.xls --systeminfo win2003.txt

The result shows the remote overflow vulnerabilities MS09-043, MS09-004, MS09-002, MS09-001, MS08-078 and MS08-070.

2. Auditing all vulnerabilities

Use the following command to audit all vulnerabilities. As shown in Figure 5, auditing a Windows 2003 server found 24 vulnerabilities. "--audit -l" audits local overflow vulnerabilities and "--audit -r" audits remote overflow vulnerabilities.

windows-exploit-suggester.py --audit --database 2017-03-20-mssb.xls --systeminfo win2003.txt

Figure 5: Auditing all vulnerabilities

3. Searching for locally exploitable vulnerability information

With the "-l" option, 78 patches were compared against 137 known vulnerabilities. The command to search for local vulnerabilities with "-l" is:

windows-exploit-suggester.py --audit -l --database 2017-03-20-mssb.xls --systeminfo win2003-2.txt

The local audit found that the Windows 2003 Server did not have SP2 installed and had multiple local overflow vulnerabilities. When choosing one, picking the most recent bulletin number gives a much higher chance of success. For example, on this test machine a normal account temp was created; after logging in, the MS15-077 exploit program was run, with the result shown in Figure 6.

[*] MS15-077: Vulnerability in ATM Font Driver Could Allow Elevation of Privilege (3077657) - Important

[*] MS15-076: Vulnerability in Windows Remote Procedure Call Could Allow Elevation of Privilege (3067505) - Important

[*] MS15-075: Vulnerabilities in OLE Could Allow Elevation of Privilege (3072633) - Important

[*] MS15-074: Vulnerability in Windows Installer Service Could Allow Elevation of Privilege (3072630) - Important

[*] MS15-073: Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (3070102) - Important

[*] MS15-072: Vulnerability in Windows Graphics Component Could Allow Elevation of Privilege (3069392) - Important

[*] MS15-071: Vulnerability in Netlogon Could Allow Elevation of Privilege (3068457) - Important

[*] MS15-061: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (3057839) - Important

[M] MS15-051: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (3057191) - Important

[*]   , Win32k Elevation of Privilege Vulnerability, PoC

[*]   -- Windows ClientCopyImage Win32k Exploit, MSF

[*] MS15-050: Vulnerability in Service Control Manager Could Allow Elevation of Privilege (3055642) - Important

[*] MS15-048: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3057134) - Important

[*] MS15-038: Vulnerabilities in Microsoft Windows Could Allow Elevation of Privilege (3045685) - Important

[*] MS15-025: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (3038680) - Important

[*] MS15-008: Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (3019215) - Important
