Nmap Development mailing list archives
Re: NSE Script to exploit the Windows Vista and 7 SMB 2.0 remote BSOD bug?
From: Trancer <mtrancer () gmail com>
Date: Thu, 10 Sep 2009 17:12:15 +0300
Check out HD Moore's SMB 2.0 scanner for Metasploit. It doesn't check for this vulnerability, but that's the start...

http://trac.metasploit.com/browser/framework3/trunk/modules/auxiliary/scanner/smb/smb2.rb

Ron wrote:
> On 09/10/2009 12:44 AM, Fyodor wrote:
>> Has anyone started looking at a script to detect and/or exploit this issue?
>>
>> http://seclists.org/fulldisclosure/2009/Sep/0039.html
>> http://it.slashdot.org/story/09/09/08/1345247/Windows-7-Reintroduces-Remote-BSoD?from=rss
>> http://trac.metasploit.com/browser/framework3/trunk/modules/auxiliary/dos/windows/smb/smb2_negotiate_pidhigh.rb?rev=7010
>> http://crenk.com/windows-7-exploit-causes-bsod/
>> http://isc.sans.org/diary.html?storyid=7093
>>
>> It does not look like a script to exploit the issue to crash a machine would be very hard. It would go into the "intrusive" category, and we might want to put it in a new "dos" category as well.
>>
>> Even better would be a script which can reliably detect the vulnerability without exploiting it. The script could have a special option for when exploitation is desired as well.
>>
>> Cheers,
>> Fyodor
>
> Wow, I was just looking at the FD post, and I can code that in about 5 minutes to just BSoD the machine. I wouldn't bother using the SMB library (it's SMBv2 and my library is SMBv1), but it's just like 4 packets.
>
> I don't have a Vista/7 machine to test on at work, but I'm downloading one from MSDN right now. Give me a couple hours.
>
> I haven't researched this -- do you know if there's a way to check for this vulnerability without crashing (or actively exploiting) the machine?
>
> Ron
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://SecLists.Org
--
Trancer
Recognize-Security
http://www.rec-sec.com
Current thread:
- NSE Script to exploit the Windows Vista and 7 SMB 2.0 remote BSOD bug? Fyodor (Sep 09)
- Re: NSE Script to exploit the Windows Vista and 7 SMB 2.0 remote BSOD bug? Fyodor (Sep 10)
- Re: NSE Script to exploit the Windows Vista and 7 SMB 2.0 remote BSOD bug? Ron (Sep 10)
- Re: NSE Script to exploit the Windows Vista and 7 SMB 2.0 remote BSOD bug? Trancer (Sep 10)
- Re: NSE Script to exploit the Windows Vista and 7 SMB 2.0 remote BSOD bug? Rob Nicholls (Sep 10)
- Re: NSE Script to exploit the Windows Vista and 7 SMB 2.0 remote BSOD bug? Ron (Sep 10)
- Re: NSE Script to exploit the Windows Vista and 7 SMB 2.0 remote BSOD bug? David Fifield (Sep 13)
- Re: NSE Script to exploit the Windows Vista and 7 SMB 2.0 remote BSOD bug? David Fifield (Sep 14)
- Re: NSE Script to exploit the Windows Vista and 7 SMB 2.0 remote BSOD bug? Ron (Sep 14)