Microsoft Windows 10 SMBv3 tree connect proof of concept exploit.
343da4ee047ee5f258a982c57d4135b6f38f56c8423e847bc62819ca100b5eaaA vulnerability in Windows Local Security Authority Subsystem Service (LSASS) was found on Windows OS versions ranging from Windows XP through to Windows 10. This vulnerability allows an attacker to remotely crash the LSASS.EXE process of an affected workstation with no user interaction. Successful remote exploitation of this issue will result in a reboot of the target machine. Local privilege escalation should also be considered likely. Microsoft acknowledged the vulnerability and has published an advisory (MS16-137) and a patch, resolving this issue.
ede457e2a6d12a01273f1ee5e4c66f2c48cf2de28c09d56c3fd64944958fff14Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
e556daa1f0a339ac90d98107c072ac75bc867a9e63f2f39b053bde5bf3acaa0bResponder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
bd21c3071ebd2748be93ab69f92a2df8a758d1b418b5dfa81b16acb38bed7e83This tool extracts credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, and more from a pcap file or from a live interface.
6a4ebb9233e9c4bc5f6625c3d1e68f90988774a7b8b02f8e394c0e6d53a1ddedA vulnerability in Windows DHCP was found on Windows OS versions ranging from Windows 2000 through to Windows server 2003. This vulnerability allows an attacker to remotely overwrite DNS, Gateway, IP Addresses, routing, WINS server, WPAD, and server configuration with no user interaction. Successful exploitation of this issue will result in a remote network configuration overwrite. Microsoft acknowledged the issue but has indicated no plans to publish a patch to resolve it.
68feec1acf88fdf52a32016c6e49e528f8ca6ec2c6263a77340e61f67e88e005A vulnerability in the Windows kernel can be triggered via SMB in Microsoft Windows versions ranging from Windows 2000 through to Windows 7. This vulnerability allows an attacker to trigger a kernel pool corruption by sending a specially crafted SMB_COM_TRANSACTION2 request. Successful exploitation of this issue may result in remote code execution with kernel privileges, while failed attempts will result in a denial of service condition.
f005868865614c597a3fad090b52b161a95821d28cae99a3a7a1521cce7eda00Exploit for the Microsoft SMB Server Trans2 zero size pool alloc vulnerability as discussed in MS10-054.
939654afe2288d6e948a7df3cc4ffbd715224ce006d2df8c3546ea053a424566A vulnerability exists in the Netware CIFS.NLM driver which allows an attacker to trigger a kernel stack overflow by sending a specific 'Sessions Setup AndX' query. Successful exploitation of this issue will result in remote code execution with kernel privileges. Failed attempts may result in a remote denial of service. Netware SMB version 1.0 is vulnerable.
86fccc6fafa7825b20615a1581e12b2c31b07679a3f3f3f334176b42bac87055Two vulnerabilities were discovered within in the Samba Smbd daemon which allow an attacker to trigger a null pointer dereference or an uninitialized variable read by sending a specific 'Sessions Setup AndX' query. Successful exploitation of these issues will result in a denial of service. Versions 3.4.7 and below and 3.5.1 and below are affected.
966a849f6f0bbe77647f785e18d732c6cf90fc1d9ef2d25203e0af89f41f2e05Microsoft Windows 7/2008R2 SMB Client Trans2 stack overflow exploit that leverages the vulnerability discussed in MS10-020.
c3792c66700a76e600e4a641a3d11ba1c09fab08f19b94f78816408c90755b20MS10-006 SMB client-side bug proof of concept exploit.
02653212f9c67f3771d0ec91567c4eb4fc34e537ee7ab9fc8b174bcb6189b5aaA vulnerability exists in the SMB client of Microsoft Windows 7 and Windows Server 2008 R2. This vulnerability allows an attacker to trigger a kernel stack overflow by sending a specific "SMB_COM_TRANSACTION2" response. Attacking the SMB client can be achieved by convincing a user to connect to a malicious SMB server. Alternatively, the attacker could attempt man-in-the-middle attacks (such as ARP spoofing, NBNS packet spoofing, etc.) to redirect legitimate SMB connections to a malicious SMB server. Successful exploitation of this issue may result in remote code execution with kernel privileges.
4634330c6b9a740411368733ef3422e5a35456f847e190d753c1af27f8b65e09This Metasploit module exploits an out of bounds function table dereference in the SMB request validation code of the SRV2.SYS driver included with Windows Vista, Windows 7 release candidates (not RTM), and Windows 2008 Server prior to R2. Windows Vista without SP1 does not seem affected by this flaw.
de2b37c604aa41ff0e596df449f770135048223b2482bc370245289a93342173A vulnerability exists in the Microsoft SMB client which allows an attacker to trigger a kernel pool memory corruption by sending a specific 'Negotiate Protocol' response.
dd4096a3adf7c94d29852abe073cbc999aa234b0784a145cc1d0c9ce5a2c7733This is the ICMPv4/IP fuzzer prototype code.
35272cf0bbd351d1c3768a01705b36f56401acf729c58cd4d80efa24fbe4308bProof of concept exploit that demonstrates a remote kernel crash vulnerability in Windows 7.
0c550ae47995e2697019b90be957f6aecb34773bd99b762df6389336df4d7c85Snort versions 2.8.5 and below suffer from an IPv6 related remote denial of service vulnerability.
fd81c9b1d14a60efa89b76dcfcfe0341d942a1d56a015464c5556527962cc83aThis Metasploit module exploits an out of bounds function table dereference in the SMB request validation code of the SRV2.SYS driver included with Windows Vista, Windows 7 release candidates (not RTM), and Windows 2008 Server prior to R2. Windows Vista without SP1 does not seem affected by this flaw.
ea2b810d8a275178be0dfc2ccca862cb1f378b8ed6266f448f49b3fcfd6fdeb8Windows Vista/7 suffers from a denial of service vulnerability when passed a malformed SMB header for the NEGOTIATE PROTOCOL REQUEST. Proof of concept code included.
174af7761f8dbd62d9c3fd54dfd4021b7415ae5b556af67477ba21dc7862de4dWordPress versions 2.8.3 and below suffer from an arbitrary administrative password reset vulnerability.
2aebade190a8d67f8fd45987340b39948b70880e72d7a23065d3f58fea507c93Soulseek versions 157 NS below 13e and all versions of 156 suffer from a remote peer search code execution vulnerability.
f4dc93b0e17e9d360d0c68d40d4e75142ee147a08f18dd69e8e6d31951a951dcSoulseek versions 157 NS and 156 suffer from a remote distributed search code execution vulnerability.
0d11d3312310612caef722fa39eccf0bd1f7d3ea3dd0c509b80de2bbe1813d8fVMware versions 2.5.1 and below remote denial of service exploit.
a0c9a07060798d754c1b523f88241f1a438aff5e854d29b97a61acb5c09af178Microsoft Windows Media Player .WAV file remote integer overflow exploit.
037f413b75594b96c7e16bd34a75b02b0cc4de146675b3f9a077e4a0dcce38a2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed