Hacking Book | Free Online Hacking Learning


. net remote code execution (ms14

Posted by harmelink at 2020-02-27

Today, I saw that piggy in safekey's group said that he has been paying attention to a. Net Remote Code Execution Vulnerability exp for a long time, so I went to expand DB to find http://www.expand-db.com/exploits/35280/.

The affected version is

Microsoft .NET Framework 1.1 Service Pack 1

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.5

Microsoft .NET Framework 3.5.1

Microsoft .NET Framework 4

Microsoft .NET Framework 4.5

Microsoft .NET Framework 4.5.1

But don't panic. Just like Microsoft said, net remoting doesn't use much. I didn't see much in the third-party programs developed by search engine. So I said that it didn't have a big impact on Weibo, but some large enterprises still use it. You can say that you don't understand it very well. Let's simply popularize science What is Remoting and under what circumstances is it vulnerable,

. net remoting services is a way to provide services to the outside world. You can understand it as you can understand webserver. The difference is that. Net remoting services is based on C / S architecture.

Utilization conditions:

1. This vulnerability exists only in. Net remoting services developed using the affected versions listed above.

2. Know the service name and listening port of. Net remoting service.

OK, after knowing these, you can go to some open source programs or decompile some programs to see if. Net remoting is used in the code.

Next, let's test the vulnerability. In the exp provided by the author, it includes using exp and testing server program. Because my port 12345 is occupied, I slightly changed the server program, changed the port to 8002, and then run it in the virtual machine. The test is as follows.