Nmap Development mailing list archives

Re: NSE Script to exploit the Windows Vista and 7 SMB 2.0 remote BSOD bug?


From: Ron <ron () skullsecurity net>
Date: Thu, 10 Sep 2009 09:03:04 -0500

On 09/10/2009 12:44 AM, Fyodor wrote:
> Has anyone started looking at a script to detect and/or exploit this issue?
>
> http://seclists.org/fulldisclosure/2009/Sep/0039.html
> http://it.slashdot.org/story/09/09/08/1345247/Windows-7-Reintroduces-Remote-BSoD?from=rss
> http://trac.metasploit.com/browser/framework3/trunk/modules/auxiliary/dos/windows/smb/smb2_negotiate_pidhigh.rb?rev=7010
> http://crenk.com/windows-7-exploit-causes-bsod/
> http://isc.sans.org/diary.html?storyid=7093
>
> It does not look like a script to exploit the issue to crash a machine
> would be very hard.  It would go into the "intrusive" category, and we
> might want to put it in a new "dos" category as well.
>
> Even better would be a script which can reliably detect the
> vulnerability without exploiting it.  The script could have a special
> option for when exploitation is desired as well.
>
> Cheers,
> Fyodor

Wow, I was just looking at the FD post, and I can code that in about 5 minutes to just BSoD the machine. I wouldn't bother using the SMB library (it's SMBv2 and my library is SMBv1), but it's just like 4 packets.

I don't have a Vista/7 machine to test on at work, but I'm downloading one from MSDN right now. Give me a couple hours.

I haven't researched this -- do you know if there's a way to check for this vulnerability without crashing (or actively exploiting) the machine?

Ron

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
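An added example, written for this archive page and not code from Ron, Fyodor, Nmap or NSE: a small stand-alone Python probe that performs the one non-destructive step the thread establishes, asking a host through an ordinary SMB1 NEGOTIATE whether it will switch to SMB 2.x (the precondition for the Vista/7 crash discussed above). It does not test for or trigger the crash itself, and it leaves the PID-high field at zero; it therefore does not answer Ron's question about a safe vulnerability check, it only narrows the target list to hosts that speak SMB2. The header layouts follow the published MS-CIFS and MS-SMB2 formats; the flags values, host and port, and the embedded sample response are my own constructions, not captures.

```python
import socket
import struct

# Added example (not from the thread or from Nmap). Checks only whether a host
# negotiates SMB2; it never sends the packet that causes the crash.

DIALECTS = ("NT LM 0.12", "SMB 2.002")  # listing "SMB 2.002" invites an SMB2 reply

SMB2_DIALECT_NAMES = {0x0202: "2.0.2", 0x0210: "2.1", 0x02FF: "2.??? (wildcard)"}


def build_smb1_negotiate(dialects=DIALECTS):
    """SMB1 NEGOTIATE request: NetBIOS session header + 32-byte SMB header + dialect list."""
    header = struct.pack(
        "<4sBIBHH8sHHHHH",
        b"\xffSMB",   # SMB1 protocol id
        0x72,         # SMB_COM_NEGOTIATE
        0,            # NT status
        0x18,         # Flags: canonicalized, case-insensitive paths (assumed typical value)
        0xC853,       # Flags2: unicode, NT status, extended security, long names (assumed)
        0,            # PID high: deliberately left at zero in this example
        b"\x00" * 8,  # security signature
        0, 0,         # reserved, TID
        0xFEFF,       # PID low
        0,            # UID
        0,            # MID
    )
    dialect_data = b"".join(b"\x02" + d.encode("ascii") + b"\x00" for d in dialects)
    body = struct.pack("<BH", 0, len(dialect_data)) + dialect_data  # WordCount=0, ByteCount
    smb = header + body
    # NetBIOS session message: type byte 0x00 followed by a 24-bit big-endian length
    return struct.pack(">I", len(smb)) + smb


def parse_negotiate_response(data, dialects=DIALECTS):
    """Classify a raw reply: SMB2 NEGOTIATE response (DialectRevision), SMB1 reply
    (chosen dialect index), or unrecognised. Returns a dict with the same keys always."""
    result = {"protocol": None, "dialect": None, "dialect_name": None}
    if len(data) < 4:
        return result
    length = struct.unpack(">I", data[:4])[0] & 0x00FFFFFF
    msg = data[4:4 + length]
    if msg[:4] == b"\xfeSMB" and len(msg) >= 64 + 6:
        # SMB2 header: StructureSize @4, (CreditCharge, Status skipped), Command @12
        structure_size, command = struct.unpack_from("<H6xH", msg, 4)
        if structure_size == 64 and command == 0:  # 0 = SMB2 NEGOTIATE
            dialect = struct.unpack_from("<H", msg, 64 + 4)[0]  # body: StructureSize, SecurityMode, DialectRevision
            result.update(protocol="SMB2", dialect=dialect,
                          dialect_name=SMB2_DIALECT_NAMES.get(dialect, "unknown"))
    elif msg[:4] == b"\xffSMB" and len(msg) >= 35:
        word_count = msg[32]
        if word_count > 0:
            index = struct.unpack_from("<H", msg, 33)[0]  # DialectIndex into our list
            name = dialects[index] if index < len(dialects) else None
            result.update(protocol="SMB1", dialect=index, dialect_name=name)
    return result


def probe_smb2(host, port=445, timeout=5.0):
    """Send the negotiate to a live host and classify the reply (network only)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_smb1_negotiate())
        data = sock.recv(4096)
    return parse_negotiate_response(data)


def constructed_smb2_response(dialect=0x0202):
    """Constructed (not captured) SMB2 NEGOTIATE response, for offline exercise of the parser."""
    header = b"\xfeSMB" + struct.pack(
        "<HHIHHIIQQQ16s",
        64, 0, 0,      # StructureSize, CreditCharge, Status
        0, 1,          # Command = NEGOTIATE, CreditResponse
        1, 0,          # Flags = SERVER_TO_REDIR, NextCommand
        0, 0, 0,       # MessageId, Reserved/TreeId, SessionId
        b"\x00" * 16,  # Signature
    )
    body = struct.pack(
        "<HHHH16sIIIIQQHHI",
        65, 1, dialect, 0,       # StructureSize, SecurityMode, DialectRevision, Reserved
        b"\x11" * 16,            # ServerGuid (made up)
        0, 65536, 65536, 65536,  # Capabilities, MaxTransact/Read/WriteSize
        0, 0,                    # SystemTime, ServerStartTime
        128, 0, 0,               # SecurityBufferOffset, SecurityBufferLength, Reserved2
    )
    msg = header + body
    return struct.pack(">I", len(msg)) + msg


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else None
    if target:
        print(target, probe_smb2(target))           # e.g. {'protocol': 'SMB2', 'dialect': 514, ...}
    else:
        print(parse_negotiate_response(constructed_smb2_response()))
```

Run it as `python probe.py 192.0.2.10` against a lab host (address is a placeholder); a reply classified as SMB2 with dialect 0x0202 or 0x0210 means the host is in the Vista/7-era SMB2 population the thread is about, while an SMB1 reply choosing "NT LM 0.12" means SMB2 is off or absent. Whether a given SMB2 host is actually vulnerable is exactly the open question Ron raises, and this probe does not settle it.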
