Windows SMBv3 0Day PoC DoS Exploit Released http://ow.ly/8VsP509cwVJ
-
-
Replying to @johullrich
I didn't think that browsers allowed cross-protocol linking like that for a while. Am I missing something?pic.twitter.com/Ok7hFFTlqq
2 replies 1 retweet 0 likes -
Replying to @wdormann
I thought so too. but my test file worked. Maybe because it was hosted locally.
1 reply 0 retweets 0 likes -
Replying to @johullrich
Web browsers behave quite differently when viewing local content vs. a web server. Local -> SMB is OK. HTTP -> SMB is not.
1 reply 0 retweets 0 likes -
Replying to @wdormann
and while testing, I played with the URL, and it doesn't matter what you use exactly, as long as it starts with \\[attackerip\
1 reply 0 retweets 0 likes -
Replying to @johullrich
Sure. It's just any modern browser viewing web content on the internet will not allow such a link to be made (plugins aside).
1 reply 0 retweets 0 likes -
Replying to @wdormann
I am running a Edge on a plain Windows 10 install and it is vulnerable. The browser does trigger SMB and there is no plugin AFAIK
1 reply 0 retweets 0 likes -
Replying to @johullrich
Interesting. What exactly did you do after launching the browser to trigger the bug?
2 replies 0 retweets 0 likes -
Replying to @wdormann
I only went to a webpage that I set up that include the img tag with src="\\[ip]\x.git" . Here is a pcap : https://isc.sans.edu/diaryimages/smbhttpexploit.pcap …
1 reply 0 retweets 0 likes
Right on. I can confirm that IMG works! IFRAME, didn't, A HREF didn't, etc. Excellent work!
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.