-
-
[转帖]Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference (MS09-050)
-
2010-8-18 06:05 3145
-
[转帖]Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference (MS09-050)
2010-8-18 06:05
3145
Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference
---------------------------------------------------------------------
Exploited by Piotr Bania // www.piotrbania.com
Exploit for Vista SP2/SP1 only, should be reliable!
Tested on:
Vista sp2 (6.0.6002.18005)
Vista sp1 ultimate (6.0.6001.18000)
Kudos for:
Stephen, HDM, Laurent Gaffie(bug) and all the mates i know, peace.
Special kudos for prdelka for testing this shit and all the hosters.
Sample usage
------------
> smb2_exploit.exe 192.167.0.5 45 0
> telnet 192.167.0.5 28876
Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.
C:\Windows\system32>whoami
whoami
nt authority\system
C:\Windows\system32>
When all is done it should spawn a port TARGET_IP:28876
RELEASE UPDATE 08/2010:
----------------------
This exploit was created almost a year ago and wasnt modified from that time
whatsoever. The vulnerability itself is patched for a long time already so
i have decided to release this little exploit. You use it for your own
responsibility and im not responsible for any potential damage this thing
can cause. Finally i don't care whether it worked for you or not.
P.S the technique itself is described here:
http://blog.metasploit.com/2009/10/smb2-351-packets-from-trampoline.html
===========================================================================
Download:
http://www.exploit-db.com/sploits/smb2_exploit_release.zip
---------------------------------------------------------------------
Exploited by Piotr Bania // www.piotrbania.com
Exploit for Vista SP2/SP1 only, should be reliable!
Tested on:
Vista sp2 (6.0.6002.18005)
Vista sp1 ultimate (6.0.6001.18000)
Kudos for:
Stephen, HDM, Laurent Gaffie(bug) and all the mates i know, peace.
Special kudos for prdelka for testing this shit and all the hosters.
Sample usage
------------
> smb2_exploit.exe 192.167.0.5 45 0
> telnet 192.167.0.5 28876
Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.
C:\Windows\system32>whoami
whoami
nt authority\system
C:\Windows\system32>
When all is done it should spawn a port TARGET_IP:28876
RELEASE UPDATE 08/2010:
----------------------
This exploit was created almost a year ago and wasnt modified from that time
whatsoever. The vulnerability itself is patched for a long time already so
i have decided to release this little exploit. You use it for your own
responsibility and im not responsible for any potential damage this thing
can cause. Finally i don't care whether it worked for you or not.
P.S the technique itself is described here:
http://blog.metasploit.com/2009/10/smb2-351-packets-from-trampoline.html
===========================================================================
Download:
http://www.exploit-db.com/sploits/smb2_exploit_release.zip
[CTF入门培训]顶尖高校博士及硕士团队亲授《30小时教你玩转CTF》,视频+靶场+题目!助力进入CTF世界
赞赏
他的文章
看原图