Apparently, it took Microsoft seven years to finally address this vulnerability, as mentioned here. According to this article, exploit code for the flaw is already available on the Internet; in fact, Metasploit ships a working exploit module for it.
The released patch, although given a severity rating of only "Important" (whereas MS08-069 was rated "Critical"), is the more interesting of the two, given that it fixes a seven-year-old flaw.
Going back to the SMBRelay tool, here are the switches and parameters it accepts, taken from its usage text:
Usage: smbrelay [options]
Options:
  /D num    - Set debug level, current valid levels: 0 (none), 1, 2 (Default is 0)
  /E        - Enumerates interfaces and their indexes
  /IL num   - Set the interface index to use when adding local IP addresses
  /IR num   - Set the interface index to use when adding relay IP addresses
              Defaults to 1. Use /E to display the adapter indexes
  /L[+] IP  - Set the local IP to listen on for incoming NetBIOS connections
              Use + to first add the IP address to the NIC
              Defaults to primary host IP
  /R[-] IP  - Set the starting relay IP address to use
              Use - to NOT first add each relay IP address to the NIC
              Defaults to 192.1.1.1
  /S name   - Set the source machine name
              Defaults to CDC4EVER
SMBRelay2, on the other hand, works with NetBIOS names and LANA numbers rather than IP addresses, and has the following switches and parameters:
SMBRelay2 [Options]
Options:
  /A LanaNum     - Use LanaNum
                   Defaults to 0
  /D DebugLevel  - Level of debug messages, valid levels 0 - 3
                   Defaults to 0
  /L LocalName   - Listen for primary connection on LocalName
                   Defaults to SERVER
  /R RelayName   - Listen for relay connection on RelayName
                   Defaults to RELAY
  /S SourceName  - Use SourceName when connecting to target
                   Defaults to CDC4EVER
  /T TargetName  - Connect to TargetName for relay
                   Defaults to connecting back to client