Dailydave mailing list archives
SMBv2 Remote Exploit Improvements
From: Kostya Kortchinsky <kostya () immunityinc com>
Date: Thu, 17 Sep 2009 16:52:08 -0400
Immunity, Inc. (mostly Nicolas Pouvesle and Skylar Rampersaud - who are awesome by the way) has improved the initial exploit for the SMBv2 vulnerability. CANVAS Early Update customers can grab the latest version here:

http://www.immunityinc.com/ceu-index.shtml

It will now get you a SYSTEM shell on Vista and 2008 Server, SP1 or SP2, up-to-date or not, as long as it's x86. SP0 is in the works, and x64 too. The latter might turn out to be the hardest.

One of the funny tricks we used in the early versions (involving some RDTSC remote black magic) is now gone, making it more reliable. Add to that the fact that Windows is handing out the Service Pack version in the NativeOS SMB field, and you get a vulnerability that is decently wormable on x86 platforms.

I have to admit that the exploitation path we chose makes it the most interesting exploit to write of 2009!

Dave's awesome Windows video, pretty and commented (against a 2008 SP1 English and a Vista SP2 French):

http://immunityinc.com/documentation/smbv2.html

Xvidcap on Ubuntu dropping my frames like crazy video (against a Vista SP2 English):

http://immunityinc.com/documentation/smb2.html

Cheers,
Kostya

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave