Nmap Development mailing list archives

Re: NSE Script to exploit the Windows Vista and 7 SMB 2.0 remote BSOD bug?


From: Ron <ron () skullsecurity net>
Date: Thu, 10 Sep 2009 10:42:54 -0500

I can trigger the DoS pretty easily, but I'm having trouble telling if the server was taken offline. The connect() and send() calls seem to be returning the wrong result (a packetlogger tells me that the server isn't responding, yet connect() returns true). I've attached the script that *should* return the correct results, but it only returns "TEST!" for me, which tells me that the connect() is succeeding.

Any thoughts?

On 09/10/2009 12:44 AM, Fyodor wrote:
Has anyone started looking at a script to detect and/or exploit this issue?

http://seclists.org/fulldisclosure/2009/Sep/0039.html
http://it.slashdot.org/story/09/09/08/1345247/Windows-7-Reintroduces-Remote-BSoD?from=rss
http://trac.metasploit.com/browser/framework3/trunk/modules/auxiliary/dos/windows/smb/smb2_negotiate_pidhigh.rb?rev=7010
http://crenk.com/windows-7-exploit-causes-bsod/
http://isc.sans.org/diary.html?storyid=7093

It does not look like a script to exploit the issue to crash a machine
would be very hard.  It would go into the "intrusive" category, and we
might want to put it in a new "dos" category as well.

Even better would be a script which can reliably detect the
vulnerability without exploiting it.  The script could have a special
option for when exploitation is desired as well.

Cheers,
Fyodor



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Attachment: smb-check-vulns.nse
Description:


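The problem Ron describes, a connect() that returns true while the target is not actually answering, is the usual reason a post-DoS "is it still up?" check has to wait for an application-layer reply rather than trust the transport handshake. The following is an added example of that check, not the attached smb-check-vulns.nse and not Nmap or Metasploit code. It is written in Python so it runs stand-alone; an NSE version would use nmap's socket API with the same logic. The NEGOTIATE request bytes, the fake localhost servers and the sample reply frame are all constructed here for illustration. The request is a benign SMB1 NEGOTIATE with PIDHigh and every other header field zeroed, so it is only a liveness probe and does not reproduce the crash trigger discussed in the thread.

```python
import socket
import struct
import threading


# Constructed here for the probe: a benign SMB1 NEGOTIATE offering the
# NT LM 0.12 dialect. PIDHigh and all other header fields are zero, so this
# frame is a liveness probe only, not the crash trigger from the thread.
def build_negotiate_request():
    dialects = b"\x02NT LM 0.12\x00"
    smb_header = (
        b"\xffSMB"          # protocol identifier
        + b"\x72"           # SMB_COM_NEGOTIATE
        + b"\x00" * 4       # NT status
        + b"\x18"           # flags
        + b"\x53\xc8"       # flags2 (common client value, little-endian)
        + b"\x00" * 2       # PIDHigh
        + b"\x00" * 8       # security signature
        + b"\x00" * 2       # reserved
        + b"\x00" * 8       # TID, PIDLow, UID, MID
    )
    body = b"\x00" + struct.pack("<H", len(dialects)) + dialects  # WordCount, ByteCount
    payload = smb_header + body
    # NetBIOS session service header: type 0x00, 3-byte big-endian length
    return b"\x00" + struct.pack(">I", len(payload))[1:] + payload


def recv_exact(sock, n):
    """Read exactly n bytes; None on EOF (timeouts raise and are caught above)."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            return None
        buf += chunk
    return buf


def smb_probe(host, port, timeout=3.0):
    """Classify a target as 'unreachable', 'silent' or 'responding'.

    A successful connect() only proves the TCP handshake completed. The host
    is counted as up only if it answers the NEGOTIATE with an SMB frame
    (0xFF 'SMB' or 0xFE 'SMB') before the timeout expires.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    try:
        sock.settimeout(timeout)
        sock.sendall(build_negotiate_request())
        head = recv_exact(sock, 4)
        if head is None or head[0] != 0x00:
            return "silent"
        length = int.from_bytes(head[1:4], "big")
        body = recv_exact(sock, length)
        if body is None or body[:4] not in (b"\xffSMB", b"\xfeSMB"):
            return "silent"
        return "responding"
    except OSError:          # includes socket.timeout and connection resets
        return "silent"
    finally:
        sock.close()


# Constructed minimal NEGOTIATE response frame: NetBIOS header + 32-byte SMB header.
SAMPLE_REPLY = b"\x00\x00\x00\x20" + b"\xffSMB\x72" + b"\x00" * 27


def start_fake_server(reply):
    """Constructed stand-in for a target, listening on a random localhost port.

    reply=None accepts the TCP connection but never answers, which is the
    symptom in the thread: connect() succeeds, yet no SMB reply ever comes.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    held = []  # keep silent connections open so the probe has to time out

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            if reply is None:
                held.append(conn)
                continue
            try:
                conn.recv(4096)
                conn.sendall(reply)
            except OSError:
                pass
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def unused_port():
    """Pick a localhost port nothing is listening on (connect should be refused)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    targets = (("responding", start_fake_server(SAMPLE_REPLY)),
               ("silent", start_fake_server(None)),
               ("closed", unused_port()))
    for name, port in targets:
        print(name, "->", smb_probe("127.0.0.1", port, timeout=1.0))
```

The three outcomes are deliberately kept apart: "unreachable" (no TCP handshake), "silent" (handshake completed but no SMB frame within the timeout, the state Ron's packet capture shows) and "responding". A script deciding whether a DoS attempt worked should treat only "responding" as proof the target survived, and should compare the result with a probe taken before the attempt so a target that was never speaking SMB is not misreported as crashed.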
