0Day PoC for SMB v2 bug in Vista / Windows 7 / Windows 2008 relaeased

This topic contains 20 replies, has 11 voices, and was last updated by  RoleReversal 9 years, 10 months ago.

  • Author
    Posts
  • #4247
     vijay2 
    Participant

    For more info

    http://g-laurent.blogspot.com/

    Looks like a Metasploit module will be added soon for this bug.

    http://isc.sans.org/diary.html?storyid=7093&rss

    Stay tuned

  • #26917
     nightmare44 
    Participant

    Tested it this morning on my BT VM and works perfectly

  • #26918
     Jhaddix 
    Participant

    nice….

  • #26919
     nightmare44 
    Participant

    MetaSploit module:

    http://pastie.org/609407

    Also be sure filesharing is enabled in Win7/Vista in Network Connection Center for it to work.

  • #26920
     morpheus063 
    Participant

    Tested and working perfectly fine – 🙂

    Just made a Video capture – (very low resolution – mobile capture) http://www.youtube.com/watch?v=gG1g7f2EKjw

  • #26921
     ethicalhack3r 
    Participant

    Works on local machine too. Time to BSOD my girlfriend all night!  ;D

  • #26922
     KrisTeason 
    Participant

    Metasploit guys already added it into the framework. Tested it on my Vista box – works like a charm.

    smb2_negotiate_pidhigh.rb
    http://www.anonym.to/?http://trac.metasploit.com/browser/framework3/trunk/modules/auxiliary/dos/windows/smb/smb2_negotiate_pidhigh.rb

  • #26923
     UNIX 
    Participant

    Nice one.. wonder when first patch will be released..

  • #26924
     vijay2 
    Participant

    Apparently the bug is just for SMB v2 and you can disabled SMB v2 if you are not using it.

    More info. on

    http://www.petri.co.il/how-to-disable-smb-2-on-windows-vista-or-server-2008.htm

    VJ

  • #26925
     termight 
    Participant

    Hi ALL,
      i’m new to this security business, want i actually do is to secure peremeter devices with firewall but i think it’s better to know the treats out there so i can really prepare. my question now is what do i do if i get the source code for this exploite and i want a prove of concept?
    most of the source i see is in python and i don’t know what to do. i run a linux box and mixture of windows pc’s what do i need to compile a python source code.

    thanks to anyone who helps and a merry christmas.
    Perry

  • #26926
     RoleReversal 
    Participant

    Hi termight,

    Python isn’t compiled, but run on the fly. On Linux usual execution of a python script would be:
    python sourceFile.py [parameters]
    (assumes python is installed and binary is in your path)
    or
    ./sourceFile.py [parameters]
    (assumes you are in the same directory as the source file)

    Hope this helps

  • #26927
     termight 
    Participant

    Hi Andrew,
    Thanks for the reply, just a clearification. i’m a fun of milw0rm.com i see alot of exploite there example. http://www.milw0rm.com/exploits/66
    how do i compile this

    thanks again

  • #26928
     RoleReversal 
    Participant

    The example you provide looks like it is C, so compiling with gcc would likely be the standard scenario. Plenty of resources to help you out here.

  • #26929
     termight 
    Participant

    😉 thanks Andrew, you’re the best.. 😉

  • #26930
     termight 
    Participant

      Hey Andrew,
              would you be my mentor in security,pentesting and defence. cos i really want to study. like i said before i’m into firewalls both ISA and Cisco ASA. currently i have MCSE Security,CCNP,CCDP,CCIE WRITTEN and i’ve scheduled my lab for April next year. but my problem now is i really LOVE security but netwoking is pulling me off.
      The question i always ask is “after all this security crackers are still able to hack into networks” then why security, i’m even thinking there is nothing called security cos today you’re secured tomorrow you are down. i’ve decided to do the OSCP and OSWP and forget about the CCIE. please advise me.

    Thanks

  • #26931
     RoleReversal 
    Participant

    Hi Termight,

    humbled by the request, but I’m still just learning this stuff myself. But keep asking intelligent questions around here and I’ll likely be around to help when and where I can.

    I wouldn’t give up on the Cisco certs completely, partly because it is easier to secure/compromise a network if you have an indepth understanding of a network, and partly because there is some really good money available if you can get your CCIE.

    But at the same time I would also suggest the OSCP, is a brilliant course and will/would-have answered the queries you’ve had today, plus a whole lot more.

    Andrew

  • #26932
     Kev 
    Participant

    Sorry Termight but he promised to be my mentor first!  I like that name termight or termite.  A termite has an amazing way to tunnel in and own a house or wood.  Wood being a vulnerable place, block being a little more secure.  Very good.

  • #26933
     termight 
    Participant

    Hi Kev,
     thanks for the compliment on my name. actually i choose the name termight cos of the insect termite but wanted a different way to spell it.
    Termites are the best networks and tunnel drillers in this world. also it’s hard to get them during the day only at night or till the day they’ll break down your house. lol  ;D.
    and about the mentoring we can both share one master and be the best team mates. think abt it. i can also help you in Cisco and Microsoft stuff.

  • #26934
     termight 
    Participant

    Hi Andrew,
      Does it means CCIE pays more than security? if yes then after my CCIE R&S i’ll pursue the CCIE security track. Also thank you very much for the advise. Merry Christmas.

    to all who read this Merry Christmas.

  • #26935
     hayabusa 
    Participant

    I’d say the pay comes with the experience and the specific position, but in general, CCIE’s make excellent money, from employers looking for the cert.  That said, Security knowledge can be equally valuable, in the right markets.  It’s all about choice, where you want your career to go, and who you want to work with / for.

    Regards.

  • #26936
     RoleReversal 
    Participant

    Hi Termight,

    I didn’t say that CCIE pays more than security, don’t have the knowledge or stats to back that up. But from anecdotal evidence you’ll likely find it easier to convince non-technical HR/Management/organisations to pay big bucks for a ‘network guy’ than a ‘security guy’. Just business mentality. But as Hayabusa states, where/what do you want to work can be more important in the long run than who will pay the most money. Plenty of factors to consider.

You must be logged in to reply to this topic.

Copyright ©2019 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?