This repo is just simple research on the CVE; for a more detailed analysis, please refer here.

Here is reproduction code for the Windows RPC vulnerability CVE-2020-26809. It is based on https://github.com/microsoft/Windows-classic-samples/blob/main/Samples/Win7Samples/netds/rpc/hello.

If you have a better way to trigger this vuln, feel free to submit an issue or PR :)
`poc.py` just tries to reach the vulnerable function `OSF_SCALL::GetCoalescedBuffer`; it does not cause a crash, because the DWORD integer overflow is too hard to reproduce. `rpcrt.py` is the Python module `impacket.dcerpc.v5.rpcrt`, modified to trigger the vuln.

If necessary, use `nmake` to rebuild it.