CVE-2020-1206 Uninitialized Kernel Memory Read POC

(c) 2020 ZecOps, Inc. - https://www.zecops.com - Find Attackers' Mistakes
POC to check for CVE-2020-1206 / "SMBleed"
Expected outcome: Local file containing target computer kernel memory.
Intended only for educational and testing in corporate environments.
ZecOps takes no responsibility for the code, use at your own risk.
Please contact sales@ZecOps.com if you are interested in agent-less DFIR tools for Servers, Endpoints, and Mobile Devices to detect SMBleed and other types of attacks automatically.

Usage

SMBleed.exe server_name ip_address domain user pass share_name remote_path local_path

Compiled POC

You can get the compiled POC here.

Compiling

Use Visual Studio to compile the following projects:

ProtoSDK\Asn1Base\Asn1Base.csproj
ProtoSDK\MS-XCA\Xca.csproj
ProtoSDK\MS-SMB2\Smb2.sln

Use the resulting exe file to run the POC.

References

About

CVE-2020-1206 Uninitialized Kernel Memory Read POC

cve-2020-1206 poc smbleed

Other

Languages

Language:C# 99.1%Language:PowerShell 0.4%Language:HTML 0.2%Language:C 0.2%Language:JavaScript 0.1%Language:Batchfile 0.0%Language:C++ 0.0%Language:CSS 0.0%Language:Java 0.0%Language:Shell 0.0%Language:Python 0.0%Language:ASP 0.0%