Topic: How do I proceed with MS05-027 vulnerability?  (Read 4631 times)
royale1223
« on: August 11, 2011, 01:23:12 PM »

I have detected MS05-027 on one of the computers using Nessus. It is running Windows Server 2003. How do I exploit this? Can I get a prompt on the remote host?

Quote
Plugin ID: 18502
MS05-027: Vulnerability in SMB Could Allow Remote Code Execution (896422) (uncredentialed check)
Synopsis
Arbitrary code can be executed on the remote host due to a flaw in the SMB implementation.
List of Hosts

<host>

Description
The remote version of Windows contains a flaw in the Server Message
Block (SMB) implementation that may allow an attacker to execute
arbitrary code on the remote host.

An attacker does not need to be authenticated to exploit this flaw.
Solution
Microsoft has released a set of patches for Windows 2000, XP and
2003 :

http://www.microsoft.com/technet/security/bulletin/ms05-027.mspx
Risk Factor
Critical/ CVSS Base Score: 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVE
CVE-2005-1206
Bugtraq ID
13942
Other references
OSVDB:17308
MSFT:MS05-027
Vulnerability publication date: 2005/06/15
Patch publication date: 2005/06/14
Plugin publication date: 2005/06/16
Plugin last modification date: 2011/08/08
Ease of exploitability: Exploits are available
Exploitable with: Core Impact



« Last Edit: August 11, 2011, 01:59:58 PM by royale1223 »
tturner
« Reply #1 on: August 11, 2011, 01:31:57 PM »

Buy Core Impact or write your own exploit. I know of no freely available exploit code for this vuln but I'd love to be wrong.

Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, OPSE, CSWAE, CSTP, VCP

WIP: OSWP, GSSP-JAVA, GXPN

Udacity on hold, again. I suck.

http://sentinel24.com/blog  @tonylturner http://bsidesorlando.org
royale1223
« Reply #2 on: August 11, 2011, 01:57:24 PM »

I would love to write an exploit but I have no idea how to. :(
chrisj
« Reply #3 on: August 11, 2011, 02:08:04 PM »

The ExploitDB comes to mind. If it doesn't have one, you should glean enough to write one.

OSWP, Sec+
BillV
« Reply #4 on: August 14, 2011, 08:34:08 AM »

This is a pretty common false-positive finding. What's the rest of the environment look like? And what other findings on this host specifically?
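
One way to triage the false-positive question raised in the last reply, as an added example that is not part of the thread and not Nessus's own code: it reads a `.nessus` v2 export, picks out findings marked "(uncredentialed check)", and compares the KB number in the plugin name against a per-host hotfix inventory. The host name, the inventory and the sample report are constructed, and treating a recorded KB as evidence of a false positive is an assumption of this sketch.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in the .nessus v2 export layout; host name is a placeholder.
SAMPLE_NESSUS = """<NessusClientData_v2><Report name="constructed">
<ReportHost name="host-a.example">
<ReportItem port="445" protocol="tcp" severity="4" pluginID="18502"
 pluginName="MS05-027: Vulnerability in SMB Could Allow Remote Code Execution (896422) (uncredentialed check)"/>
<ReportItem port="0" protocol="tcp" severity="0" pluginID="0"
 pluginName="Constructed informational item"/>
</ReportHost>
</Report></NessusClientData_v2>"""

# Constructed hotfix inventory per host (assumption: gathered separately by an admin).
INSTALLED_HOTFIXES = {"host-a.example": {"KB896422"}}

# The KB number appears in parentheses in the plugin name, e.g. "(896422)".
KB_IN_NAME = re.compile(r"\((\d{6,7})\)")

def triage(nessus_xml, hotfixes):
    """Return (host, pluginID, KB, verdict) for each uncredentialed finding naming a KB."""
    results = []
    root = ET.fromstring(nessus_xml)
    for host in root.iter("ReportHost"):
        name = host.get("name")
        for item in host.iter("ReportItem"):
            plugin_name = item.get("pluginName", "")
            if "(uncredentialed check)" not in plugin_name:
                continue  # credentialed/local checks are not the ambiguous case here
            match = KB_IN_NAME.search(plugin_name)
            if not match:
                continue
            kb = "KB" + match.group(1)
            known = hotfixes.get(name)
            if known is None:
                verdict = "unverified: no inventory, rerun with credentials"
            elif kb in known:
                verdict = "likely false positive: patch recorded as installed"
            else:
                verdict = "unconfirmed: patch not in inventory, check superseding updates"
            results.append((name, item.get("pluginID"), kb, verdict))
    return results

if __name__ == "__main__":
    for row in triage(SAMPLE_NESSUS, INSTALLED_HOTFIXES):
        print(*row, sep=" | ")
```

A missing KB in the inventory is not proof of exposure, since a later update may replace the original patch; a credentialed rescan of the host settles it.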