This Metasploit module exploits a denial of service flaw in the Microsoft Windows SMB service on versions of Windows prior to the August 2010 Patch Tuesday. To trigger this bug, you must be able to access a share with at least read privileges. That generally means you will need authentication. However, if a system has a guest accessible share, you can trigger it without any authentication.
d21a5048f75da86ab532ba9d4cc90e95331aa5e10825891e1c4b7d9f069c2020
This Metasploit module exploits a denial of service flaw in the Microsoft Windows SMB client on Windows 7 and Windows Server 2008 R2. To trigger this bug, run this module as a service and force a vulnerable client to access the IP of this system as an SMB server. This can be accomplished by embedding a UNC path (\\HOST\share\something) into a web page if the target is using Internet Explorer, or a Word document otherwise.
9beedad3e3c3103e0197e08fdbc451bf1f5445929f6c5022c987a0616228427c
This Metasploit module exploits an out of bounds function table dereference in the SMB request validation code of the SRV2.SYS driver included with Windows Vista, Windows 7 release candidates (not RTM), and Windows 2008 Server prior to R2. Windows Vista without SP1 does not seem affected by this flaw.
eb306cad88b29720e7dac7d13bc441bdf247266d948c8cc0122be192d6f3a8f2
Microsoft Windows 10 SMBv3 tree connect proof of concept exploit.
343da4ee047ee5f258a982c57d4135b6f38f56c8423e847bc62819ca100b5eaa
A vulnerability in Windows Local Security Authority Subsystem Service (LSASS) was found on Windows OS versions ranging from Windows XP through to Windows 10. This vulnerability allows an attacker to remotely crash the LSASS.EXE process of an affected workstation with no user interaction. Successful remote exploitation of this issue will result in a reboot of the target machine. Local privilege escalation should also be considered likely. Microsoft acknowledged the vulnerability and has published an advisory (MS16-137) and a patch, resolving this issue.
ede457e2a6d12a01273f1ee5e4c66f2c48cf2de28c09d56c3fd64944958fff14
Responder is an LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
e556daa1f0a339ac90d98107c072ac75bc867a9e63f2f39b053bde5bf3acaa0b
Responder is an LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
bd21c3071ebd2748be93ab69f92a2df8a758d1b418b5dfa81b16acb38bed7e83
This tool extracts credit card numbers, NTLM (DCE-RPC, HTTP, SQL, LDAP, etc.), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, and more from a pcap file or from a live interface.
6a4ebb9233e9c4bc5f6625c3d1e68f90988774a7b8b02f8e394c0e6d53a1dded
A vulnerability in Windows DHCP was found on Windows OS versions ranging from Windows 2000 through to Windows Server 2003. This vulnerability allows an attacker to remotely overwrite DNS, gateway, IP address, routing, WINS server, WPAD, and server configuration with no user interaction. Successful exploitation of this issue will result in a remote network configuration overwrite. Microsoft acknowledged the issue but has indicated no plans to publish a patch to resolve it.
68feec1acf88fdf52a32016c6e49e528f8ca6ec2c6263a77340e61f67e88e005
A vulnerability in the Windows kernel can be triggered via SMB in Microsoft Windows versions ranging from Windows 2000 through to Windows 7. This vulnerability allows an attacker to trigger a kernel pool corruption by sending a specially crafted SMB_COM_TRANSACTION2 request. Successful exploitation of this issue may result in remote code execution with kernel privileges, while failed attempts will result in a denial of service condition.
f005868865614c597a3fad090b52b161a95821d28cae99a3a7a1521cce7eda00
Exploit for the Microsoft SMB Server Trans2 zero size pool alloc vulnerability as discussed in MS10-054.
939654afe2288d6e948a7df3cc4ffbd715224ce006d2df8c3546ea053a424566
A vulnerability exists in the Netware CIFS.NLM driver which allows an attacker to trigger a kernel stack overflow by sending a specific 'Session Setup AndX' query. Successful exploitation of this issue will result in remote code execution with kernel privileges. Failed attempts may result in a remote denial of service. Netware SMB version 1.0 is vulnerable.
86fccc6fafa7825b20615a1581e12b2c31b07679a3f3f3f334176b42bac87055
Two vulnerabilities were discovered within the Samba smbd daemon which allow an attacker to trigger a null pointer dereference or an uninitialized variable read by sending a specific 'Session Setup AndX' query. Successful exploitation of these issues will result in a denial of service. Versions 3.4.7 and below and 3.5.1 and below are affected.
966a849f6f0bbe77647f785e18d732c6cf90fc1d9ef2d25203e0af89f41f2e05
Microsoft Windows 7/2008R2 SMB Client Trans2 stack overflow exploit that leverages the vulnerability discussed in MS10-020.
c3792c66700a76e600e4a641a3d11ba1c09fab08f19b94f78816408c90755b20
MS10-006 SMB client-side bug proof of concept exploit.
02653212f9c67f3771d0ec91567c4eb4fc34e537ee7ab9fc8b174bcb6189b5aa
A vulnerability exists in the SMB client of Microsoft Windows 7 and Windows Server 2008 R2. This vulnerability allows an attacker to trigger a kernel stack overflow by sending a specific "SMB_COM_TRANSACTION2" response. Attacking the SMB client can be achieved by convincing a user to connect to a malicious SMB server. Alternatively, the attacker could attempt man-in-the-middle attacks (such as ARP spoofing, NBNS packet spoofing, etc.) to redirect legitimate SMB connections to a malicious SMB server. Successful exploitation of this issue may result in remote code execution with kernel privileges.
4634330c6b9a740411368733ef3422e5a35456f847e190d753c1af27f8b65e09
This Metasploit module exploits an out of bounds function table dereference in the SMB request validation code of the SRV2.SYS driver included with Windows Vista, Windows 7 release candidates (not RTM), and Windows 2008 Server prior to R2. Windows Vista without SP1 does not seem affected by this flaw.
de2b37c604aa41ff0e596df449f770135048223b2482bc370245289a93342173
A vulnerability exists in the Microsoft SMB client which allows an attacker to trigger a kernel pool memory corruption by sending a specific 'Negotiate Protocol' response.
dd4096a3adf7c94d29852abe073cbc999aa234b0784a145cc1d0c9ce5a2c7733
This is the ICMPv4/IP fuzzer prototype code.
35272cf0bbd351d1c3768a01705b36f56401acf729c58cd4d80efa24fbe4308b
Proof of concept exploit that demonstrates a remote kernel crash vulnerability in Windows 7.
0c550ae47995e2697019b90be957f6aecb34773bd99b762df6389336df4d7c85
Snort versions 2.8.5 and below suffer from an IPv6 related remote denial of service vulnerability.
fd81c9b1d14a60efa89b76dcfcfe0341d942a1d56a015464c5556527962cc83a
This Metasploit module exploits an out of bounds function table dereference in the SMB request validation code of the SRV2.SYS driver included with Windows Vista, Windows 7 release candidates (not RTM), and Windows 2008 Server prior to R2. Windows Vista without SP1 does not seem affected by this flaw.
ea2b810d8a275178be0dfc2ccca862cb1f378b8ed6266f448f49b3fcfd6fdeb8
Windows Vista/7 suffers from a denial of service vulnerability when passed a malformed SMB header for the NEGOTIATE PROTOCOL REQUEST. Proof of concept code included.
174af7761f8dbd62d9c3fd54dfd4021b7415ae5b556af67477ba21dc7862de4d
WordPress versions 2.8.3 and below suffer from an arbitrary administrative password reset vulnerability.
2aebade190a8d67f8fd45987340b39948b70880e72d7a23065d3f58fea507c93
Soulseek versions 157 NS below 13e and all versions of 156 suffer from a remote peer search code execution vulnerability.
f4dc93b0e17e9d360d0c68d40d4e75142ee147a08f18dd69e8e6d31951a951dc