点击上方“蓝字”带你去看小星星
漏洞影响版本:
Windows 10版本1903(用于32位系统) Windows 10版本1903(用于基于ARM64的系统) Windows 10版本1903(用于基于x64的系统) Windows 10版本1909(用于32位系统) Windows 10版本1909(用于基于ARM64的系统) Windows 10版本1909(用于)基于x64的系统 Windows Server 1903版(服务器核心安装) Windows Server 1909版(服务器核心安装)
漏洞检测工具
python版本
来源:
https://github.com/ollypwn/SMBGhost/blob/master/scanner.py
代码语言:javascript复制import socket
import struct
import sys
pkt = b'x00x00x00xc0xfeSMB@x00x00x00x00x00x00x00x00x00x1fx00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00$x00x08x00x01x00x00x00x7fx00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00xx00x00x00x02x00x00x00x02x02x10x02"x02$x02x00x03x02x03x10x03x11x03x00x00x00x00x01x00&x00x00x00x00x00x01x00 x00x01x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x03x00nx00x00x00x00x00x01x00x00x00x01x00x00x00x01x00x00x00x00x00x00x00'
sock = socket.socket(socket.AF_INET)
sock.settimeout(3)
sock.connect(( sys.argv[1], 445 ))
sock.send(pkt)
nb, = struct.unpack(">I", sock.recv(4))
res = sock.recv(nb)
if not res[68:70] == b"x11x03":
exit("Not vulnerable.")
if not res[70:72] == b"x02x00":
exit("Not vulnerable.")
exit("Vulnerable.")nmap版本:
代码语言:javascript复制#!/bin/bash
if [ $# -eq 0 ]
then
echo $'Usage:ntcheck-smb-v3.11.sh TARGET_IP_or_CIDR {Target Specification - Nmap}'
exit 1
fi
echo "Checking if there's SMB v3.11 in" $1 "..."
nmap -p445 --script smb-protocols -Pn -n $1 | grep -P 'd .d .d .d |^|.s 3.11' | tr 'n' ' ' | tr 'Nmap scan report for' '@' | tr "@" "n" | tr '|' ' ' | tr '_' ' ' | grep -oP 'd .d .d .d '
if [[ $? != 0 ]]; then
echo "There's no SMB v3.11"
fi漏洞缓解方法
Disable compression:
Set-ItemProperty -Path “HKLM:SYSTEMCurrentControlSetServicesLanmanServerParameters” DisableCompression -Type DWORD -Value 1 -Force
Enable compression:
Set-ItemProperty -Path “HKLM:SYSTEMCurrentControlSetServicesLanmanServerParameters” DisableCompression -Type DWORD -Value 0 -Force
