mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-18 18:36:10 +00:00
JWT None alternative + MS15-051
This commit is contained in:
parent
e0220d1f17
commit
6c161f26b2
@ -72,6 +72,12 @@ JWT Encoder – Decoder: `http://jsonwebtoken.io`
|
||||
|
||||
JWT supports a None algorithm for signature. This was probably introduced to debug applications. However, this can have a severe impact on the security of the application.
|
||||
|
||||
None algorithm variants:
|
||||
* none
|
||||
* None
|
||||
* NONE
|
||||
* nOnE
|
||||
|
||||
To exploit this vulnerability, you just need to decode the JWT and change the algorithm used for the signature. Then you can submit your new JWT.
|
||||
|
||||
However, this won't work unless you **remove** the signature
|
||||
|
@ -25,6 +25,7 @@
|
||||
* [MS08-067 (NetAPI)](#ms08-067-netapi)
|
||||
* [MS10-015 (KiTrap0D)](#ms10-015-kitrap0d---microsoft-windows-nt2000--2003--2008--xp--vista--7)
|
||||
* [MS11-080 (adf.sys)](#ms11-080-afd.sys---microsoft-windows-xp-2003)
|
||||
* [MS15-051 (Client Copy Image)](#ms15-051---microsoft-windows-2003--2008--7--8--2012)
|
||||
* [MS16-032](#ms16-032---microsoft-windows-7--10--2008--2012-r2-x86x64)
|
||||
* [MS17-010 (Eternal Blue)](#ms17-010-eternal-blue)
|
||||
* [References](#references)
|
||||
@ -775,6 +776,23 @@ Python: https://www.exploit-db.com/exploits/18176
|
||||
Metasploit: exploit/windows/local/ms11_080_afdjoinleaf
|
||||
```
|
||||
|
||||
### MS15-051 (Client Copy Image) - Microsoft Windows 2003/2008/7/8/2012
|
||||
|
||||
```powershell
|
||||
printf("[#] usage: ms15-051 command \n");
|
||||
printf("[#] eg: ms15-051 \"whoami /all\" \n");
|
||||
|
||||
# x32
|
||||
https://github.com/rootphantomer/exp/raw/master/ms15-051%EF%BC%88%E4%BF%AE%E6%94%B9%E7%89%88%EF%BC%89/ms15-051/ms15-051/Win32/ms15-051.exe
|
||||
|
||||
# x64
|
||||
https://github.com/rootphantomer/exp/raw/master/ms15-051%EF%BC%88%E4%BF%AE%E6%94%B9%E7%89%88%EF%BC%89/ms15-051/ms15-051/x64/ms15-051.exe
|
||||
|
||||
https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS15-051
|
||||
use exploit/windows/local/ms15_051_client_copy_image
|
||||
```
|
||||
|
||||
|
||||
### MS16-032 - Microsoft Windows 7 < 10 / 2008 < 2012 R2 (x86/x64)
|
||||
|
||||
Check if the patch is installed : `wmic qfe list | findstr "3139914"`
|
||||
|
Loading…
Reference in New Issue
Block a user