Fix report_vuln/print_error in smb_ms17_010 #8255
Conversation
| host: ip, | ||
| name: self.name, | ||
| refs: self.references, | ||
| info: 'STATUS_INSUFF_SERVER_RESOURCES for FID 0 against IPC$' |
There was a problem hiding this comment.
Happy to change this to something else, but this is what made the most sense to me, given that we're already reporting module title and references.
|
Is it possible to make an exploit module of this vulnerability ? |
|
@jork2345 according to Microsoft, this is exploitable with EternalBlue, EternalRomance, and EternalSynergy https://blogs.technet.microsoft.com/msrc/2017/04/14/protecting-customers-and-evaluating-risk/ These are some of the most complex exploits I've ever seen, and I don't say that lightly. Eternalromance does a ridiculous amount of "grooming", aka remote heap feng shui. In the case of EternalBlue, it simultaneously exploits SMBv1 and SMBv2, and talks Cairo, an undocumented SMB LanMan alternative. I haven't even gotten around to looking at EternalSynergy. tl;dr The exploit modules are gonna be huge, even if they simply just replay the pcaps of these exploits. |
|
Running the vulns command with smb_ms17_010 now shows vulnerabilities and running the print_error command doesn't error out when scanning a range of hosts. |
report_vulnwas missing the necessary keys to store the vuln in the database.print_errorgot annoying when scanning a range of hosts.vulnsshows the vuln now#8167