CVEs-PoC/2019/CVE-2019-1040.md

CVE-2019-1040

Description

A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection. An attacker who successfully exploited this vulnerability could gain the ability to downgrade NTLM security features.To exploit this vulnerability, the attacker would need to tamper with the NTLM exchange. The attacker could then modify flags of the NTLM packet without invalidating the signature.The update addresses the vulnerability by hardening NTLM MIC protection on the server-side.

POC

Reference

No PoCs from references.

Github

• https://github.com/0xMrNiko/Awesome-Red-Teaming
• https://github.com/0xT11/CVE-POC
• https://github.com/20142995/sectool
• https://github.com/5l1v3r1/CVE-2019-1041
• https://github.com/ARPSyndicate/cvemon
• https://github.com/Amar224/Pentest-Tools
• https://github.com/AnonVulc/Pentest-Tools
• https://github.com/Ascotbe/Kernelhub
• https://github.com/CVEDB/PoC-List
• https://github.com/CVEDB/awesome-cve-repo
• https://github.com/CVEDB/top
• https://github.com/CougarCS-InfoSec/PwnAtlas
• https://github.com/Cruxer8Mech/Idk
• https://github.com/EASI-Sec/EasiWeapons.sh
• https://github.com/ErdemOzgen/ActiveDirectoryAttacks
• https://github.com/EvilAnne/2019-Read-article
• https://github.com/FDlucifer/Proxy-Attackchain
• https://github.com/GhostTroops/TOP
• https://github.com/Gl3bGl4z/All_NTLM_leak
• https://github.com/H1CH444MREB0RN/PenTest-free-tools
• https://github.com/HackingCost/AD_Pentest
• https://github.com/ImranTheThirdEye/AD-Pentesting-Tools
• https://github.com/IvanVoronov/0day
• https://github.com/JERRY123S/all-poc
• https://github.com/JFR-C/Windows-Penetration-Testing
• https://github.com/Jean-Francois-C/Windows-Penetration-Testing
• https://github.com/Kahvi-0/PrinterSpray
• https://github.com/Maxvol20/respoder_ntlm
• https://github.com/Mehedi-Babu/pentest_tools_repo
• https://github.com/MizaruIT/PENTAD-TOOLKIT
• https://github.com/MizaruIT/PENTADAY_TOOLKIT
• https://github.com/MrPWH/Pentest-Tools
• https://github.com/Nieuport/Active-Directory-Kill-Chain-Attack-Defense
• https://github.com/QAX-A-Team/dcpwn
• https://github.com/R0B1NL1N/AD-Attack-Defense
• https://github.com/Ridter/CVE-2019-1040
• https://github.com/Ridter/CVE-2019-1040-dcpwn
• https://github.com/Ridter/RelayX
• https://github.com/S3cur3Th1sSh1t/My-starred-Repositories
• https://github.com/S3cur3Th1sSh1t/Pentest-Tools
• https://github.com/SexyBeast233/SecBooks
• https://github.com/Waseem27-art/ART-TOOLKIT
• https://github.com/Whiteh4tWolf/Attack-Defense
• https://github.com/X-The-Mystic/xframe
• https://github.com/XTeam-Wing/Hunting-Active-Directory
• https://github.com/YellowVeN0m/Pentesters-toolbox
• https://github.com/Zamanry/OSCP_Cheatsheet
• https://github.com/ZyberPatrol/Active-Directory
• https://github.com/alphaSeclab/sec-daily-2019
• https://github.com/aymankhder/AD-attack-defense
• https://github.com/bhataasim1/AD-Attack-Defence
• https://github.com/botesjuan/PenTestMethodology
• https://github.com/cyberanand1337x/bug-bounty-2022
• https://github.com/developer3000S/PoC-in-GitHub
• https://github.com/elinakrmova/RedTeam-Tools
• https://github.com/emtee40/win-pentest-tools
• https://github.com/fox-it/cve-2019-1040-scanner
• https://github.com/geeksniper/active-directory-pentest
• https://github.com/getanehAl/Windows-Penetration-Testing
• https://github.com/hack-parthsharma/Pentest-Tools
• https://github.com/hackeremmen/Active-Directory-Kill-Chain-Attack-Defense-
• https://github.com/hangchuanin/Intranet_penetration_history
• https://github.com/hectorgie/PoC-in-GitHub
• https://github.com/hegusung/netscan
• https://github.com/hktalent/TOP
• https://github.com/iamramahibrah/AD-Attacks-and-Defend
• https://github.com/infosecn1nja/AD-Attack-Defense
• https://github.com/jared1981/More-Pentest-Tools
• https://github.com/jbmihoub/all-poc
• https://github.com/kdandy/pentest_tools
• https://github.com/laoqin1234/https-github.com-HackingCost-AD_Pentest
• https://github.com/lazaars/UltraRealy_with_CVE-2019-1040
• https://github.com/lp008/Hack-readme
• https://github.com/merlinepedra/Pentest-Tools
• https://github.com/merlinepedra25/Pentest-Tools
• https://github.com/merlinepedra25/Pentest-Tools-1
• https://github.com/mishmashclone/infosecn1nja-AD-Attack-Defense
• https://github.com/nadeemali79/AD-Attack-Defense
• https://github.com/nccgroup/Change-Lockscreen
• https://github.com/nitishbadole/Pentest_Tools
• https://github.com/nomi-sec/PoC-in-GitHub
• https://github.com/orgTestCodacy11KRepos110MB/repo-3423-Pentest_Note
• https://github.com/paramint/AD-Attack-Defense
• https://github.com/pathakabhi24/Pentest-Tools
• https://github.com/penetrarnya-tm/WeaponizeKali.sh
• https://github.com/pjgmonteiro/Pentest-tools
• https://github.com/preempt/ntlm-scanner
• https://github.com/reewardius/0day
• https://github.com/retr0-13/AD-Attack-Defense
• https://github.com/retr0-13/Pentest-Tools
• https://github.com/select-ldl/word_select
• https://github.com/severnake/Pentest-Tools
• https://github.com/shantanu561993/DomainUserToDomainAdminTechniques
• https://github.com/snovvcrash/WeaponizeKali.sh
• https://github.com/sunzu94/AD-Attack-Defense
• https://github.com/suzi007/RedTeam_Note
• https://github.com/svbjdbk123/ReadTeam
• https://github.com/tataev/Security
• https://github.com/tempiltin/active-directory_pentest
• https://github.com/theguly/stars
• https://github.com/theyoge/AD-Pentesting-Tools
• https://github.com/trganda/starrlist
• https://github.com/weeka10/-hktalent-TOP
• https://github.com/wzxmt/CVE-2019-1040
• https://github.com/xiaoy-sec/Pentest_Note
• https://github.com/xthemystik/xframe
• https://github.com/ycdxsb/WindowsPrivilegeEscalation
• https://github.com/yovelo98/OSCP-Cheatsheet
• https://github.com/zer0yu/Intranet_Penetration_CheetSheets
• https://github.com/zer0yu/RedTeam_CheetSheets
• https://github.com/zha0/WeaponizeKali.sh