CVE-2020-0796
CRITICAL | KEV | RANSOMWARE | NUCLEI
Windows 10 1903/1909 and Windows Server 1903/1909 - Remote Code Execution via SMBv3 Compression Buffer Overflow
Title source: llm
Exploitation Summary
CVE-2020-0796 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added February 10, 2022, with confirmed use in ransomware campaigns.
EIP tracks 130 public exploits from researchers including chompie1337, Daniel García Gutiérrez, and eerykitty, as well as a Metasploit module, exploits/windows/smb/cve_2020_0796_smbghost.
A Nuclei detection template is also available.
AI-analyzed exploit summary: This is a proof-of-concept exploit for CVE-2020-0796 (SMBGhost), a pre-authentication remote code execution vulnerability in the Windows SMBv3 protocol. The exploit leverages a buffer overflow in the SRVNET_BUFFER_HDR structure to achieve arbitrary code execution in kernel mode.
Description
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.
Exploits (130)
This is a proof-of-concept exploit for CVE-2020-0796 (SMBGhost), a pre-authentication remote code execution vulnerability in the Windows SMBv3 protocol. The exploit leverages a buffer overflow in the SRVNET_BUFFER_HDR structure to achieve arbitrary code execution in kernel mode.
The provided content lacks actual exploit code and instead directs users to an external download link. It includes references and a GIF but no technical details or functional PoC.
This PoC exploits CVE-2020-0796 (SMBGhost) by sending a malformed SMB3 compression transform header with an invalid offset field, causing a buffer overflow and kernel crash. It modifies the smbprotocol library to support SMB 3.1.1 compression and triggers the vulnerability via a crafted header.
This is a local privilege escalation (LPE) exploit for CVE-2020-0796, targeting a memory corruption vulnerability in Windows SMBv3. The exploit leverages a compressed SMB packet to trigger an arithmetic overflow, leading to arbitrary code execution in kernel mode.
This repository contains a Python-based scanner for CVE-2020-0796 (SMBGhost), which checks for SMBv3 compression capability in vulnerable systems. It sends a crafted SMB negotiate request and analyzes the response to determine vulnerability.
This repository contains a functional proof-of-concept exploit for CVE-2020-0796 (SMBGhost), which achieves remote code execution via a crafted SMB packet. The exploit leverages memory corruption in the SMBv3 protocol to execute arbitrary shellcode, resulting in a reverse shell with SYSTEM privileges.
This repository contains a functional exploit for CVE-2020-0796 (SMBGhost), a remote code execution vulnerability in Microsoft SMBv3. The exploit includes kernel shellcode and a reverse shell payload, targeting vulnerable Windows systems.
This is a functional proof-of-concept exploit for CVE-2020-0796 (SMBGhost), which triggers a buffer overflow in Windows 10 1903/1909's SMB3 compression by sending a malformed compression transform header with an invalid offset value. The PoC crashes the target system by exploiting the lack of bounds checking in the decompression routine.
This repository contains a functional local privilege escalation (LPE) exploit for CVE-2020-0796 (SMBGhost). The exploit leverages a kernel memory corruption vulnerability to overwrite token privileges, ultimately spawning a privileged command shell.
This is a reflective DLL injection PoC for CVE-2020-0796 (SMBGhost), exploiting a buffer overflow in SMBv3 compression. It includes a custom SMB negotiation and compressed packet sender to trigger the vulnerability, along with shellcode injection into winlogon.exe for privilege escalation.
This is a functional proof-of-concept exploit for CVE-2020-0796 (SMBGhost), a local privilege escalation vulnerability in SMBv3. The code is adapted from Metasploit and converted into a Cobalt Strike Beacon Object File (BOF) for weaponization.
This PoC exploits CVE-2020-0796 (SMBGhost), a buffer overflow vulnerability in the SMBv3 compression mechanism. It sends a malformed compressed packet with an invalid offset to trigger the vulnerability, potentially leading to remote code execution.
This repository contains a scanner for CVE-2020-0796 (SMBGhost), which checks if a target system uses SMBv3.1.1 with compression enabled. It sends a crafted SMB negotiation packet and analyzes the response to determine vulnerability status.
The repository contains a scanner tool (Ladon) with multiple modules, including a check for CVE-2018-2894 (WebLogic deserialization vulnerability). The CVE-2018-2894.py script verifies the presence of the vulnerability by checking the status code of a specific endpoint.
This repository contains a scanner for detecting vulnerabilities CVE-2020-0796 (SMBGhost) and CVE-2020-1206 (SMBleed) in Windows systems. The scanner sends crafted SMB packets to check for vulnerability but does not include exploit code for remote code execution.
This repository contains a Python PoC for CVE-2020-0796, a vulnerability in SMBv3 compression. The exploit sends a malformed compressed packet to trigger a buffer overflow, potentially leading to remote code execution or denial of service.
This PowerShell script checks for the presence of CVE-2020-0796 (SMBGhost) by verifying Windows version, installed updates, and SMBv3 compression settings. It also provides an option to disable SMBv3 compression as a mitigation.
This PoC exploits CVE-2020-0796 (SMBGhost) by sending a malformed SMBv3 compression header to trigger a buffer overflow in the SMB server. It does not require authentication and is designed to crash the target system.
This is a Metasploit module for CVE-2020-0796 (SMBGhost), a local privilege escalation exploit targeting Windows 10 versions 1903-1909. It leverages a buffer overflow in SMBv3 compression to inject a DLL payload into winlogon.exe for privilege escalation.
This repository contains a multithreaded SMB scanner designed to detect CVE-2020-0796 (SMBGhost) by sending a crafted packet to SMB v3.11 servers and analyzing the response. It does not exploit the vulnerability but scans for its presence.
This repository is a writeup referencing another GitHub repository for CVE-2020-0796, a vulnerability in Microsoft SMBv3. It contains no exploit code but credits the original researchers and provides a link to their work.
This repository contains a Python script to scan for CVE-2020-0796, a pre-authentication remote code execution vulnerability in SMBv3. The script sends a crafted SMB packet and checks the response to determine if the target is vulnerable.
This repository contains a compiled Windows SMBv3 local privilege escalation (LPE) exploit for CVE-2020-0796, derived from a source project. It includes a pre-compiled x64 binary tested on Windows 10 1909.
This repository contains a Python-based scanner for CVE-2020-0796 (SMBGhost), leveraging asyncio for high-speed network scanning. It checks for vulnerability by sending a crafted SMB packet and analyzing the response.
This repository contains a scanner for CVE-2020-0796 (SMBGhost), which detects vulnerable systems by sending a crafted SMB packet and checking the response. It supports mass scanning and Shodan integration for additional target information.
This repository contains a Python-based scanner for CVE-2020-0796 (SMBGhost), which checks for the SMBv3 RCE vulnerability by sending a crafted packet and analyzing the response. It does not include an exploit payload but confirms vulnerability status.
This repository contains a bash script that checks if a target system is vulnerable to CVE-2020-0796 by detecting SMB v3.11 using nmap. It does not exploit the vulnerability but scans for its presence.
This is a Python-based exploit PoC for CVE-2020-0796, a vulnerability in Microsoft SMBv3. It attempts to achieve remote code execution (RCE) by sending a crafted payload to establish a reverse shell.
This is a scanner for CVE-2020-0796 (SMBGhost) that checks for SMBv3.1.1 dialect and compression capability by sending a crafted SMB negotiate request. It does not exploit the vulnerability but identifies potentially vulnerable systems.
This repository provides ADMX templates for mitigating CVE-2020-0796 by disabling SMB compression via a registry setting. It includes installation instructions and applicability guidance but does not contain exploit code.
The repository contains Microsoft's Windows Protocol Test Suites and related scripts, but no actual exploit code for CVE-2020-0796. The README references an external link for details on the vulnerability.
This is a Rust-based exploit for CVE-2020-0796 (SMBGhost), a local privilege escalation vulnerability in Windows SMBv3. The PoC leverages a compression buffer overflow to overwrite kernel memory and escalate privileges.
This repository contains a proof-of-concept exploit for CVE-2020-0796 (SMBGhost), a remote code execution vulnerability in Windows 10 SMBv3. The exploit uses a kernel shellcode to achieve RCE by targeting vulnerable Windows 10 versions (1903/1909) and requires manual offset calculation for reliability.
This repository contains a functional exploit for CVE-2020-0796 (SMBGhost), a remote code execution vulnerability in the Windows SMBv3 protocol. The exploit includes kernel shellcode and a reverse shell payload, demonstrating the vulnerability's exploitation via crafted SMB packets.
This repository contains only a README file with minimal information about CVE-2020-0796, authored by Vincent Yiu. No exploit code or technical details are provided.
The repository contains only a README.md file with minimal information about CVE-2020-0796, referencing a compiled exploit without providing any actual code or technical details. No exploit logic or proof-of-concept is included.
This Perl script scans for hosts vulnerable to CVE-2020-0796 by checking if SMBv3 compression is enabled. It sends a crafted SMB packet and analyzes the response to determine vulnerability status.
The repository contains only a README.md file with a title and a reference to a demo video for CVE-2020-0796 (SMBv3 Ghost vulnerability). No exploit code or technical details are provided.
This repository contains PCAP files demonstrating the SMBGhost (CVE-2020-0796) vulnerability, including crash and scanning artifacts for Windows 7 and Windows 10. It does not include executable exploit code but provides network traffic captures for analysis.
This repository contains a README describing multiple CVEs, including CVE-2020-0796 (SMBv3 RCE), but does not include actual exploit code or Nmap scripts. It serves as a high-level overview of vulnerabilities without functional PoC.
This repository contains a Python-based scanner for CVE-2020-0796 (SMBGhost), which checks for SMBv3 compression capability in negotiate requests to determine vulnerability. It sends a crafted packet and analyzes the response to identify vulnerable systems.
This repository contains a functional local privilege escalation (LPE) exploit for CVE-2020-0796, leveraging a write-what-where vulnerability in the Windows SMBv3 protocol. The exploit manipulates kernel memory to escalate privileges and spawns a command shell via DLL injection into winlogon.exe.
This PoC exploits CVE-2020-0796 (SMBGhost), a buffer overflow vulnerability in the SMBv3 compression mechanism. It sends a malformed compressed packet with an invalid offset to trigger the vulnerability, potentially leading to a denial-of-service or remote code execution on unpatched systems.
This repository is a README file referencing external GitHub repositories for CVE-2020-0796, a local privilege escalation vulnerability in SMBv3 (SMBGhost). It does not contain exploit code itself but points to PoCs developed by ZecOps and danigargu.
This repository contains a README file describing CVE-2020-0796, an SMBv3 RCE vulnerability affecting Windows 10. It includes images showing vulnerability status and a link to a detection script but lacks actual exploit code.
This repository contains a Python-based PoC and scanner for CVE-2020-0796, a vulnerability in SMBv3.1.1 compression. It detects the SMB version and compression type, and can optionally send a malformed packet to trigger a crash (DoS).
This PoC exploits CVE-2020-0796 (SMBGhost), a buffer overflow vulnerability in Windows 10 SMBv3. It sends a malformed compressed SMB packet to trigger the vulnerability, potentially leading to remote code execution.
This PoC exploits CVE-2020-0796 (SMBGhost), an integer overflow vulnerability in SMBv3 compression, by sending a malformed packet with an invalid offset to trigger a buffer overflow, potentially causing a Blue Screen of Death (BSOD) on Windows 10 1903.
This PoC exploits CVE-2020-0796 (SMBGhost) by sending a malformed SMBv3 compression header with an invalid offset, triggering a buffer overflow in vulnerable Windows systems. It includes SMB2 protocol handling and NetBIOS wrapping for packet transmission.
This repository contains a scanner for CVE-2020-0796 (SMBGhost), which checks for vulnerability in SMBv3 compression. It sends a crafted packet and analyzes the response to determine if the target is vulnerable.
This repository contains a functional exploit for CVE-2020-0796 (SMBGhost), a vulnerability in the SMBv3 protocol. The exploit includes kernel shellcode and a reverse shell payload, targeting Windows systems via a buffer overflow in SMB compression.
This repository is a README file that aggregates links to other PoC repositories for CVE-2020-0796, a critical SMBv3 vulnerability. It does not contain exploit code itself but references external sources for scanners and exploits.
This repository contains a Python script that checks for the presence of CVE-2020-0796 by verifying if a target system uses SMBv3.1.1 with compression enabled. It does not exploit the vulnerability but scans for its presence.
This repository is a writeup explaining CVE-2020-0796, a remote code execution vulnerability in Microsoft SMBv3. It provides references, PoC links, and general exploitation steps but does not contain actual exploit code.
This is a Metasploit auxiliary module designed to scan for CVE-2020-0796, a vulnerability in SMBv3. It sends a crafted packet to the target and checks the response to determine if the system is vulnerable.
This repository contains a Python script that automates batch scanning for CVE-2020-0796 using a third-party scanner (CVE-2020-0796-Scanner.exe). It reads IPs from a file and uses multithreading to execute the scanner for each IP.
This repository contains a scanner for CVE-2020-0796, a vulnerability in Microsoft SMBv3. The scanner is sourced from Qi'anxin and is designed to detect the presence of the vulnerability.
This repository contains a detailed technical analysis of CVE-2020-0796, focusing on the integer overflow vulnerability in the SMBv3 compression feature. It explains the exploit mechanism for Local Privilege Escalation (LPE) but does not include functional exploit code.
This repository contains a Windows SMBv3 local privilege escalation (LPE) exploit for CVE-2020-0796. The exploit allows command execution via a provided IP and command-line argument.
This PoC exploits CVE-2020-0796 (SMBGhost) to trigger a denial-of-service (BSoD) on vulnerable Windows systems via a malformed SMB packet. It sends a crafted SMB request to port 445, causing a buffer overflow in the SMBv3 compression mechanism.
This repository contains a Python script that scans for systems potentially vulnerable to CVE-2020-0796 by checking if they support SMBv3.1.1 with compression algorithms. It sends a crafted SMB packet and analyzes the response to determine vulnerability status.
This repository contains a threaded scanner for CVE-2020-0796 (SMBGhost), which checks for SMBv3 vulnerability by sending a crafted packet and analyzing the response. It does not include an exploit payload, only detection logic.
This repository is a curated list of scanners and detection tools for CVE-2020-0796, a critical RCE vulnerability in Microsoft Windows SMBv3. It provides references to various GitHub repositories and tools for identifying vulnerable systems.
This repository contains a functional exploit for CVE-2020-0796 (SMBGhost), which leverages an integer overflow in SMBv3 compression to achieve remote code execution. The exploit includes custom modules for SMB negotiation and compression, along with shellcode for payload delivery.
This repository contains a functional exploit for CVE-2020-0796 (SMBGhost), targeting an integer overflow in SMBv3 compression. It includes kernel and user-mode shellcode to achieve remote code execution on vulnerable Windows 10 systems (1903 & 1909).
This repository contains a detailed technical write-up of a Conti ransomware compromise, including analysis of exploited CVEs (CVE-2020-0796, CVE-2018-13374, CVE-2018-13379) and attacker techniques. The write-up is supported by a 24-page PDF report with annotated screenshots and log analysis.
This repository contains functional PowerShell scripts designed to exploit CVE-2020-0796, a vulnerability in the SMBv3 protocol. The scripts include various post-exploitation actions such as adding users to local groups, creating DFS folders, and adding printers, indicating a working proof-of-concept for privilege escalation or lateral movement.
This repository contains a functional local privilege escalation (LPE) exploit for CVE-2020-0796, targeting a memory corruption vulnerability in Windows SMBv3. The exploit leverages a crafted SMB packet with a compressed data field to trigger an arithmetic overflow, leading to arbitrary code execution in the context of the winlogon.exe process.
This repository contains functional PowerShell scripts designed to exploit CVE-2020-0796, a vulnerability in the SMBv3 protocol. The scripts include various post-exploitation actions such as adding users to local groups, creating DFS folders, and configuring system settings, indicating a working proof-of-concept for privilege escalation or lateral movement.
This repository contains a functional exploit for CVE-2020-0796, a vulnerability in SMBv3 compression. The PoC includes a scanner to detect vulnerable systems and an exploit that triggers the vulnerability by sending a malformed compressed SMB packet.
This repository contains a scanner script that detects whether a server uses SMBv3.1.1 with SMB compression enabled, indicating vulnerability to CVE-2020-0796. It does not exploit the vulnerability but provides detailed packet structures for further SMB protocol investigations.
This repository contains a Python script that checks for the presence of CVE-2020-0796 (SMBGhost) by sending a crafted SMB negotiate request to detect vulnerable SMBv3.1.1 servers with compression capability. It does not exploit the vulnerability but scans for its presence.
This repository contains a proof-of-concept exploit for CVE-2020-0796, a critical vulnerability in the SMBv3 protocol. The exploit includes payload generation, a scanner, and crash test utilities, targeting the 'SMBGhost' vulnerability for potential remote code execution.
This repository provides a proof-of-concept exploit for CVE-2020-0796 (SMBGhost), a critical pre-auth RCE vulnerability in Windows 10 and Windows Server systems using SMBv3. The PoC leverages memory corruption to achieve remote code execution with system-level privileges.
This is a functional PoC for CVE-2020-0796 (SMBGhost), a remote code execution vulnerability in Windows 10 SMBv3. It exploits a buffer overflow to achieve a reverse shell with SYSTEM privileges, leveraging SMBleed (CVE-2020-1206) for memory read primitives.
This repository provides a detailed writeup and documentation on exploiting and mitigating CVE-2020-0796 (SMBGhost) and Print Spooler vulnerabilities, including analysis, detection techniques, and mitigation steps. It does not contain actual exploit code but serves as a guide for setting up a virtualized environment for testing.
This repository provides a detailed writeup on exploiting CVE-2020-0796 (SMBGhost), including reconnaissance steps using Nmap and references to external exploit scripts. It does not contain direct exploit code but guides users through the process of identifying and exploiting the vulnerability.
This repository contains a PoC and scanner for CVE-2020-0796 (SMBGhost), a vulnerability in SMBv3 protocol. The PoC sends malformed SMB packets to trigger a buffer overflow, while the scanner checks for vulnerability by analyzing SMB negotiation responses.
The repository contains only a README.md file with minimal information about CVE-2020-0796, a Windows 10 SMB vulnerability, but no actual exploit code or technical details.
This repository provides a detailed technical writeup on CVE-2020-0796 (SMBGhost), including the vulnerability's root cause (integer overflow in Srv2DecompressData), affected Windows versions, and a step-by-step attack scenario. It includes network scanning and exploitation steps but lacks actual exploit code.
This repository contains a functional exploit for CVE-2020-0796 (SMBGhost), a remote code execution vulnerability in the Windows SMBv3 protocol. The exploit leverages a buffer overflow in the SMB compression mechanism to achieve arbitrary kernel code execution.
This is a proof-of-concept exploit for CVE-2020-0796, a local privilege escalation vulnerability in Windows SMBv3. The exploit leverages a buffer overflow in the SMB compression mechanism to overwrite kernel memory and escalate privileges.
This repository contains a bash script that scans for SMB v3.11 to identify potential vulnerability to CVE-2020-0796. It uses nmap to check the SMB protocol version on a target IP.
The repository contains only a README.md file with minimal content, providing no functional exploit code or technical details for CVE-2020-0796.
This repository contains a PoC and a scanner for CVE-2020-0796, a vulnerability in SMBv3 compression. The PoC sends a malformed compressed packet to trigger the vulnerability, while the scanner checks for vulnerable systems by analyzing the SMB response.
This repository contains a scanner for CVE-2020-0796 (SMBGhost), which checks for vulnerability in SMBv3 by sending a crafted packet and analyzing the response. It does not include an exploit for RCE but confirms the presence of the vulnerability.
This is a local privilege escalation (LPE) exploit for CVE-2020-0796, targeting a memory corruption vulnerability in Windows SMBv3. The exploit leverages a compressed packet with an arithmetic overflow to achieve arbitrary code execution in the context of the winlogon.exe process.
This script scans for CVE-2020-0796 (SMBv3 vulnerability) by sending a crafted packet and checking the response. It supports single IP or subnet scanning with multithreading.
The repository contains only a README file with minimal information about CVE-2020-0796, lacking any actual exploit code or technical details. It appears to be a placeholder or incomplete submission.
This repository is a README file referencing a Python PoC for CVE-2020-0796, a buffer overflow vulnerability. It links to another GitHub repository for the actual exploit code.
This repository contains a Python script to detect and apply a workaround for CVE-2020-0796 (SMBGhost), an unauthenticated RCE vulnerability in SMBv3. It checks the Windows registry for the 'DisableCompression' setting and applies the fix if the system is vulnerable.
This repository contains a Go-based scanner to check if a system is vulnerable to CVE-2020-0796, a vulnerability in SMB v3. It does not include exploit code but serves as a detection tool.
This repository contains a Python script that scans for CVE-2020-0796 (SMBGhost) by sending an SMB negotiate request and checking the response for vulnerable compression algorithms. It does not exploit the vulnerability but detects its presence.
This repository contains a scanner for CVE-2020-0796 (SMBGhost), which checks for SMB dialect 3.1.1 and compression capability through a negotiate request. It does not include an exploit but verifies vulnerability by analyzing the SMB response.
This Metasploit module exploits CVE-2020-0796, a buffer overflow in the SMBv3 protocol, to achieve remote code execution (RCE) on vulnerable Windows systems. It leverages memory corruption techniques to execute arbitrary code in the kernel context, ultimately yielding a SYSTEM-level session.
This Metasploit module exploits CVE-2020-0796, a buffer overflow in the SMBv3 protocol, to achieve local privilege escalation on vulnerable Windows 10 systems. It reflectively injects a DLL into winlogon.exe to execute the payload.
This repository contains a functional exploit for CVE-2020-0796 (SMBGhost), a vulnerability in the SMBv3 protocol that allows remote code execution. The exploit includes Python scripts for crafting malicious SMB packets and assembly code for shellcode execution.
This repository contains a functional exploit for CVE-2020-0796 (SMBGhost), which leverages an integer overflow in the SMB protocol to trigger a buffer overflow, potentially leading to a denial-of-service (DoS) or remote code execution (RCE). The PoC includes a Python script that crafts malicious SMB packets with manipulated compression headers to exploit the vulnerability.
The repository contains a Python script that scans for CVE-2020-0796, a pre-authentication remote code execution vulnerability in SMBv3. The script sends a crafted SMB packet and checks the response to determine if the target is vulnerable.
This repository contains a functional PoC for CVE-2020-0796 (SMBGhost), a buffer overflow vulnerability in the SMBv3 protocol. The exploit sends a maliciously crafted compressed data packet to trigger the vulnerability, potentially leading to remote code execution.
This repository contains a functional Python script that scans for and exploits CVE-2020-0796, a vulnerability in SMBv3 compression. The script sends a malformed SMB packet to trigger a denial-of-service (DoS) condition on vulnerable systems.
This repository contains a functional exploit for CVE-2020-0796 (SMBGhost), a remote code execution vulnerability in Windows SMBv3. The exploit leverages memory corruption to achieve a reverse shell with system privileges, targeting Windows 10 versions 1903 and 1909.
This repository contains a functional local privilege escalation (LPE) exploit for CVE-2020-0796, targeting a memory corruption vulnerability in Windows SMBv3. The exploit leverages a crafted SMB packet with a compressed data field to trigger an arithmetic overflow, leading to arbitrary code execution in kernel mode.
This repository contains a functional PoC for CVE-2020-0796 (SMBGhost), which exploits a buffer overflow in Windows 10 1903/1909's SMB3 compression by setting an invalid offset in the compression transform header. The exploit crashes the target system by triggering a kernel buffer overflow during decompression.
This repository contains a functional PoC for CVE-2020-0796 (SMBGhost), which exploits a buffer overflow in Windows 10 1903/1909's SMB3 compression capability by sending a crafted SMB packet with a malformed compression transform header. The exploit triggers a kernel crash due to lack of bounds checking on the offset field in the decompression routine.
This repository contains a functional PoC for CVE-2020-0796 (SMBGhost), which exploits a buffer overflow in Windows 10 1903/1909's SMB3 compression by setting an invalid offset in the compression transform header. The exploit crashes the target system by triggering a kernel buffer overflow during decompression.
The repository contains a Python-based Metasploit auxiliary module that scans for CVE-2020-0796 by sending a crafted SMB packet to port 445 and checking the response for vulnerability indicators. It does not exploit the vulnerability but detects its presence.
This repository contains a Python-based scanner for CVE-2020-0796 (SMBGhost), which checks for SMBv3.1.1 dialect and compression capability to determine vulnerability. It does not include exploit code but provides a network-based detection method.
This repository contains a functional PoC for CVE-2020-0796 (SMBGhost), which exploits a buffer overflow in Windows 10 1903/1909's SMB3 compression capability by sending a crafted SMB packet with a malformed compression transform header. The exploit triggers a kernel crash due to improper bounds checking on the offset field in the decompression routine.
This repository contains a functional local privilege escalation (LPE) exploit for CVE-2020-0796, targeting a memory corruption vulnerability in Windows SMBv3. The exploit leverages a crafted SMB packet with compressed data to trigger an arithmetic overflow, leading to privilege escalation.
This repository contains a functional PoC for CVE-2020-0796 (SMBGhost), which exploits a buffer overflow in Windows 10 1903/1909's SMB3 compression by setting an invalid offset in the compression transform header. The exploit crashes the target system by triggering a kernel buffer overflow during decompression.
The repository contains a Python script and a Bash script designed to scan for the presence of CVE-2020-0796, a vulnerability in SMBv3.1.1. The scripts check for specific responses from the target system to determine if it is vulnerable.
This repository contains a functional local privilege escalation (LPE) exploit for CVE-2020-0796, targeting a memory corruption vulnerability in Windows SMBv3. The exploit leverages a crafted SMB packet with compressed data to trigger an arithmetic overflow, leading to privilege escalation.
The repository contains a functional Python PoC for CVE-2020-0796, which exploits a buffer overflow vulnerability in the SMBv3 compression mechanism. The code crafts malicious SMB packets with a compressed transform header to trigger the vulnerability.
This repository contains a functional Python exploit for CVE-2020-0796 (SMBGhost), which triggers a Blue Screen of Death (BSOD) on vulnerable Windows 10 systems by sending a malformed SMBv3 compression packet. The PoC leverages the Impacket library to craft and send the exploit packet.
This repository is a documentation hub for various Windows kernel exploits, including CVE-2020-0796. It contains structured README files, issue templates, and a Python script for generating documentation. No functional exploit code is present.
This repository contains a functional local privilege escalation (LPE) exploit for CVE-2020-0796, targeting a memory corruption vulnerability in Windows SMBv3. The exploit leverages a compressed SMB packet to trigger an arithmetic overflow, leading to privilege escalation.
This repository contains a functional PoC for CVE-2020-0796 (SMBGhost), which exploits a buffer overflow in Windows 10 1903/1909's SMB3 compression by setting an invalid offset in the compression transform header. The exploit crashes the target system by triggering a kernel buffer overflow during decompression.
This repository contains a functional Python PoC for CVE-2020-0796 (SMBGhost), which exploits a buffer overflow vulnerability in the SMBv3 compression mechanism. The code crafts malicious SMB packets with a manipulated compression header to trigger the vulnerability.
This repository contains a functional local privilege escalation (LPE) exploit for CVE-2020-0796, targeting a memory corruption vulnerability in Windows SMBv3. The exploit leverages a crafted SMB packet with a compressed data field to trigger an arithmetic overflow, leading to arbitrary code execution.
The repository contains a functional Python PoC for CVE-2020-0796, which exploits a buffer overflow vulnerability in the SMBv3 protocol. The code crafts malicious SMB packets with a compressed transform header to trigger the vulnerability.
This repository contains a functional local privilege escalation (LPE) exploit for CVE-2020-0796, targeting a memory corruption vulnerability in Windows SMBv3. The exploit leverages a crafted SMB packet with a compressed data field to trigger an integer overflow, leading to arbitrary code execution in kernel mode.
The repository contains a Python-based scanner for CVE-2020-0796 (SMBGhost) that checks for SMBv3.1.1 dialect and compression capability via a negotiate request. It does not include exploit code but confirms vulnerability by analyzing the server's response.
This repository contains a functional local privilege escalation (LPE) exploit for CVE-2020-0796, targeting a memory corruption vulnerability in Windows SMBv3. The exploit leverages a crafted SMB packet with a compressed data field to trigger an integer overflow, leading to arbitrary code execution in the context of the winlogon.exe process.
This repository contains a functional local privilege escalation (LPE) exploit for CVE-2020-0796, a vulnerability in Windows SMBv3. The exploit leverages a memory corruption issue in the SMB compression mechanism to achieve privilege escalation.
This repository contains a functional Python-based exploit for CVE-2020-0796, a remote code execution vulnerability in Microsoft SMBv3. The exploit sends a crafted packet to trigger the vulnerability and establishes a reverse shell.
This repository contains a functional local privilege escalation (LPE) exploit for CVE-2020-0796, targeting a memory corruption vulnerability in Windows SMBv3. The exploit leverages a crafted SMB packet with compressed data to trigger an arithmetic overflow, leading to arbitrary code execution in the context of the winlogon.exe process.
This repository contains a functional local privilege escalation (LPE) exploit for CVE-2020-0796, targeting a memory corruption vulnerability in Windows SMBv3. The exploit leverages a crafted SMB packet with a compressed data field to trigger an arithmetic overflow, leading to arbitrary code execution.
Nuclei Templates (1)
cpe:"cpe:2.3:o:microsoft:windows_10_1903"
References (8)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H