HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 47 guests and 2 members online
 
Advertisement

You are here: Home arrow Resourcesarrow News from the Outside Worldarrow 0Day PoC for SMB v2 bug in Vista / Windows 7 / Windows 2008 relaeased
EH-Net
May 18, 2013, 11:30:17 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1] 2   Go Down
« previous next »
  Print  
Author Topic: 0Day PoC for SMB v2 bug in Vista / Windows 7 / Windows 2008 relaeased  (Read 23294 times)
0 Members and 1 Guest are viewing this topic.
vijay2
Full Member
***
Offline Offline

Posts: 220


View Profile
« on: September 08, 2009, 07:57:52 AM »
For more info

http://g-laurent.blogspot.com/

Looks like a Metasploit module will be added soon for this bug.

http://isc.sans.org/diary.html?storyid=7093&rss

Stay tuned
« Last Edit: September 08, 2009, 08:38:57 AM by don » Logged
GPEN GCFA GCIH CISSP CISA GSEC OSCP C|EH Security+
nightmare44
Newbie
*
Offline Offline

Posts: 10


View Profile
« Reply #1 on: September 08, 2009, 08:41:01 AM »
Tested it this morning on my BT VM and works perfectly
Logged
Jhaddix
Sr. Member
****
Offline Offline

Posts: 317



View Profile WWW
« Reply #2 on: September 08, 2009, 08:51:59 AM »
nice....
Logged
GSEC, GPEN, GWAPT, ECPPT, WAHHlive, LSOAdvancedPenTester

http://www.securityaegis.com
http://www.pentesterscripting.com
http://code.google.com/p/pentest-bookmarks/
nightmare44
Newbie
*
Offline Offline

Posts: 10


View Profile
« Reply #3 on: September 08, 2009, 08:57:26 AM »
MetaSploit module:

http://pastie.org/609407

Also be sure filesharing is enabled in Win7/Vista in Network Connection Center for it to work.
Logged
Manu Zacharia (-M-)
Sr. Member
****
Offline Offline

Posts: 393


c0c0n Hacking Conference - where hackers unite


View Profile WWW
« Reply #4 on: September 08, 2009, 12:55:26 PM »
Tested and working perfectly fine - Smiley

Just made a Video capture - (very low resolution - mobile capture) http://www.youtube.com/watch?v=gG1g7f2EKjw
Logged
Manu Zacharia
MVP (Enterprise Security), ISLA-2010 (ISC)², C|EH, C|HFI, CCNA, MCP,
Certified ISO 27001:2005 Lead Auditor

There are 3 roads to spoil; women, gambling & hacking. The most pleasant with women, the quickest with gambling, but the surest is hacking - c0c0n
ethicalhack3r
Full Member
***
Offline Offline

Posts: 139


View Profile WWW
« Reply #5 on: September 08, 2009, 01:13:35 PM »
Works on local machine too. Time to BSOD my girlfriend all night!  Grin
Logged
xXxKrisxXx
Hero Member
*****
Offline Offline

Posts: 512



View Profile
« Reply #6 on: September 08, 2009, 01:35:20 PM »
Metasploit guys already added it into the framework. Tested it on my Vista box - works like a charm.

smb2_negotiate_pidhigh.rb
http://www.anonym.to/?http://trac.metasploit.com/browser/framework3/trunk/modules/auxiliary/dos/windows/smb/smb2_negotiate_pidhigh.rb
Logged
eCPPT, GCIH, OSCP, OSWP
UNIX
Hero Member
*****
Offline Offline

Posts: 1234


View Profile
« Reply #7 on: September 08, 2009, 02:20:05 PM »
Nice one.. wonder when first patch will be released..
Logged
vijay2
Full Member
***
Offline Offline

Posts: 220


View Profile
« Reply #8 on: September 09, 2009, 10:24:32 AM »
Apparently the bug is just for SMB v2 and you can disabled SMB v2 if you are not using it.

More info. on

http://www.petri.co.il/how-to-disable-smb-2-on-windows-vista-or-server-2008.htm

VJ
Logged
GPEN GCFA GCIH CISSP CISA GSEC OSCP C|EH Security+
T3rm1ght
Newbie
*
Offline Offline

Posts: 25



View Profile
« Reply #9 on: December 22, 2009, 12:40:18 PM »
Hi ALL,
   i'm new to this security business, want i actually do is to secure peremeter devices with firewall but i think it's better to know the treats out there so i can really prepare. my question now is what do i do if i get the source code for this exploite and i want a prove of concept?
most of the source i see is in python and i don't know what to do. i run a linux box and mixture of windows pc's what do i need to compile a python source code.

thanks to anyone who helps and a merry christmas.
Perry
Logged
>>There Is Always A Blind Spot In
>>Every Software, It's Up To Us To Find It
Andrew Waite
Hero Member
*****
Offline Offline

Posts: 928



View Profile WWW
« Reply #10 on: December 23, 2009, 04:34:26 AM »
Hi termight,

Python isn't compiled, but run on the fly. On Linux usual execution of a python script would be:
python sourceFile.py [parameters]
(assumes python is installed and binary is in your path)
or
./sourceFile.py [parameters]
(assumes you are in the same directory as the source file)

Hope this helps
Logged
-- http://www.infosanity.co.uk
-- http://blog.infosanity.co.uk
T3rm1ght
Newbie
*
Offline Offline

Posts: 25



View Profile
« Reply #11 on: December 23, 2009, 05:14:33 AM »
Hi Andrew,
Thanks for the reply, just a clearification. i'm a fun of milw0rm.com i see alot of exploite there example. http://www.milw0rm.com/exploits/66
how do i compile this

thanks again
Logged
>>There Is Always A Blind Spot In
>>Every Software, It's Up To Us To Find It
Andrew Waite
Hero Member
*****
Offline Offline

Posts: 928



View Profile WWW
« Reply #12 on: December 23, 2009, 08:16:12 AM »
The example you provide looks like it is C, so compiling with gcc would likely be the standard scenario. Plenty of resources to help you out here.
Logged
-- http://www.infosanity.co.uk
-- http://blog.infosanity.co.uk
T3rm1ght
Newbie
*
Offline Offline

Posts: 25



View Profile
« Reply #13 on: December 23, 2009, 08:39:04 AM »
 Wink thanks Andrew, you're the best.. Wink
Logged
>>There Is Always A Blind Spot In
>>Every Software, It's Up To Us To Find It
T3rm1ght
Newbie
*
Offline Offline

Posts: 25



View Profile
« Reply #14 on: December 23, 2009, 08:58:18 AM »

   Hey Andrew,
           would you be my mentor in security,pentesting and defence. cos i really want to study. like i said before i'm into firewalls both ISA and Cisco ASA. currently i have MCSE Security,CCNP,CCDP,CCIE WRITTEN and i've scheduled my lab for April next year. but my problem now is i really LOVE security but netwoking is pulling me off.
   The question i always ask is "after all this security crackers are still able to hack into networks" then why security, i'm even thinking there is nothing called security cos today you're secured tomorrow you are down. i've decided to do the OSCP and OSWP and forget about the CCIE. please advise me.

Thanks
Logged
>>There Is Always A Blind Spot In
>>Every Software, It's Up To Us To Find It
Pages: [1] 2   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.078 seconds with 23 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Advertisement

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.