
Thread: Windows 7 Remote Kernel Crash

  1. #1
    My life is this forum Snayler's Avatar
    Join Date
    Jan 2010
    Posts
    1,418

    Default Windows 7 Remote Kernel Crash

    This bug is a real proof that SDL #FAIL
    The bug triggers an infinite loop on smb{1,2}, pre-auth, no credential needed...
    Can be triggered outside the lan via (IE*)
    The bug is so noob, it should have been spotted 2 years ago by the SDL if the SDL had ever existed:

    netbios_header = struct.pack(">i", len(''.join(SMB_packet))) + SMB_packet
    (The netbios header provides the length of the incoming smb{1,2} packet)
    (...)

  2. #2
    Very good friend of the forum hhmatt's Avatar
    Join Date
    Jan 2010
    Posts
    660

    Default

    Great find! Win7 doesn't give me that warm and fuzzy feeling that it seems to give many others that I've talked to. I have a good feeling that win7 is going to be heavily exploited.

  3. #3
    My life is this forum Snayler's Avatar
    Join Date
    Jan 2010
    Posts
    1,418

    Default

    Quote Originally Posted by hhmatt81 View Post
    Great find! Win7 doesn't give me that warm and fuzzy feeling that it seems to give many others that I've talked to. I have a good feeling that win7 is going to be heavily exploited.
    Yes, everyone tells me that windoze 7 is so awesome.... I would just like to see their faces if they saw this exploit running.

  4. #4
    Junior Member IAMZOMBIE's Avatar
    Join Date
    Jan 2010
    Posts
    81

    Default

    Can someone explain how this works outside the lan. It says via IE.
    Does that mean simply that someone could write a virus that once downloaded and executed that it could then propagate via this exploit, or is this saying there is a flaw in both IE and SMB?

  5. #5
    Very good friend of the forum hhmatt's Avatar
    Join Date
    Jan 2010
    Posts
    660

    Default

    Quote Originally Posted by IAMZOMBIE View Post
    Can someone explain how this works outside the lan. It says via IE.
    Does that mean simply that someone could write a virus that once downloaded and executed that it could then propagate via this exploit, or is this saying there is a flaw in both IE and SMB?
    It's a flaw in SMB not IE. I'm unsure how exactly they are running the script via IE and I don't have win7 to even play around with this exploit yet to give a more definitive answer. My best guess would be a webserver that when viewed runs this script and allows remote code execution.

  6. #6
    Good friend of the forums
    Join Date
    Jun 2008
    Posts
    425

    Default

    Can someone explain how this works outside the lan. It says via IE.
    Does that mean simply that someone could write a virus that once downloaded and executed that it could then propagate via this exploit, or is this saying there is a flaw in both IE and SMB?
    Don't know the exact way but it's a multi-vector attack, like having mailto: to use IE to target Outlook Express

  7. #7
    Junior Member Isohump's Avatar
    Join Date
    Sep 2009
    Posts
    63

    Default

    First of all nothing is perfect but so far windows 7 is more stable than mac. Second of all microsoft is never gonna make something unexploitable. Third I love linux don't get me wrong but sometimes it wouldn't hurt to get some of the everyday functionality needed in this world that microsoft provides. I love both and people swear like linux can't be exploited.

    Oh and by the way Snayler good job on your find.
    One day your life will flash before your eyes. Make sure it's worth watching.

  8. #8
    Very good friend of the forum hhmatt's Avatar
    Join Date
    Jan 2010
    Posts
    660

    Default

    Quote Originally Posted by Isohump View Post
    First of all nothing is perfect but so far windows 7 is more stable than mac. Second of all microsoft is never gonna make something unexploitable. Third I love linux don't get me wrong but sometimes it wouldn't hurt to get some of the everyday functionality needed in this world that microsoft provides. I love both and people swear like linux can't be exploited.

    Oh and by the way Snayler good job on your find.
    1. What do you mean by stable and how is windows 7 more of that than macintosh?
    2. What everyday functionality does windows have over any other operating system and how could that enrich our lives?
    3. I don't recall anyone here stating that linux cannot be exploited. As a matter of fact I think most of us would agree that it's theoretically just as exploitable as any other OS.

  9. #9
    My life is this forum Snayler's Avatar
    Join Date
    Jan 2010
    Posts
    1,418

    Default

    Quote Originally Posted by hhmatt81 View Post
    It's a flaw in SMB not IE. I'm unsure how exactly they are running the script via IE and I don't have win7 to even play around with this exploit yet to give a more definitive answer. My best guess would be a webserver that when viewed runs this script and allows remote code execution.
    You can always beg a friend who has win7 to test this. From what I've understood, the exploit works like this: you send a packet to a win7 machine in your network, but this packet is modified, having announced in the header a wrong packet size (smaller than the actual packet size). Just by sending this, the whole system just freezes completely.

    Quote Originally Posted by Isohump View Post
    First of all nothing is perfect but so far windows 7 is more stable than mac.
    LOL!

    Quote Originally Posted by Isohump View Post
    Second of all microsoft is never gonna make something unexploitable.
    Yes, microsoft also holds the record on most exploitable systems...

    Quote Originally Posted by hhmatt81 View Post
    3. I don't recall anyone here stating that linux cannot be exploited. As a matter of fact I think most of us would agree that it's theoretically just as exploitable as any other OS.
    Linux is exploitable. For example, "Damn Vulnerable Linux", was made to be exploited. It's not just as fun as exploiting other systems, since it was designed to be exploited, while other systems are designed to be secure (at least they try to...). Besides that, Linux is mostly open source, other systems (mac, win) are closed systems, more challenging to exploit (plus, more fun).
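
Added example, not part of any post in this thread: a defender-side framing check for the length mismatch described in posts #1 and #9. It walks a reassembled TCP stream and reports where the 4-byte length header and the SMB data stop agreeing; the function names, verdict strings and placeholder sample bytes are constructed for illustration.

```python
import struct

SMB_MAGICS = (b"\xffSMB", b"\xfeSMB")  # SMB1 and SMB2 protocol identifiers


def check_framing(stream: bytes):
    """Walk a reassembled TCP stream one length-prefixed frame at a time.

    Header layout: zero type byte + 24-bit big-endian length, which is what
    struct.pack(">i", n) produces for small n. Returns a list of
    (offset, declared_length, verdict) tuples and stops at the first problem.
    """
    results, off = [], 0
    while off < len(stream):
        header = stream[off:off + 4]
        declared = int.from_bytes(header[1:], "big")
        body = stream[off + 4:off + 4 + declared]
        if len(header) < 4 or header[0] != 0 or body[:4] not in SMB_MAGICS:
            # No valid header here: either this is not SMB traffic, or the
            # previous frame announced fewer bytes than were actually sent.
            results.append((off, declared, "desync"))
            break
        if len(body) < declared:
            # Header announces more than the capture holds (or than was sent).
            results.append((off, declared, "short-data"))
            break
        results.append((off, declared, "ok"))
        off += 4 + declared
    return results


# Constructed sample data: a 64-byte placeholder body, not a valid SMB message.
BODY = b"\xfeSMB" + b"\x00" * 60


def frame(body: bytes, delta: int = 0) -> bytes:
    """Prefix body with a length header that is off by delta bytes."""
    return struct.pack(">i", len(body) + delta) + body


GOOD = frame(BODY) + frame(BODY)
SHORT = frame(BODY, -4) + frame(BODY)  # header 4 bytes smaller than the data
LONG = frame(BODY, +4)                 # header 4 bytes larger than the data

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("SHORT", SHORT), ("LONG", LONG)):
        print(name, check_framing(sample))
```

A "desync" verdict at a non-zero offset points back at the preceding frame: its declared length ended before the data did, so the next header position landed inside the message.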

  10. #10
    Senior Member SephStorm's Avatar
    Join Date
    Aug 2008
    Posts
    166

    Default

    Quote Originally Posted by hhmatt81 View Post
    1. What do you mean by stable and how is windows 7 more of that than macintosh?
    2. What everyday functionality does windows have over any other operating system and how could that enrich our lives?
    3. I don't recall anyone here stating that linux cannot be exploited. As a matter of fact I think most of us would agree that it's theoretically just as exploitable as any other OS.
    1. Now I don't know about stability in mac, but I could go back and grab all the emails from a year or two ago about problems in OSX.
    2. Not everyone enjoys compiling everything. Not everyone likes having to run Wine or other programs just to play a game, and so on. We linux users tend to look down on ease of use, our security background doesn't help, that being understood, ease of use is why I will probably use windows for a very long time.

    As far as my windows 7 experience goes, I tried it on one computer for a test, next thing I know I was dual booting it on my laptop with vista. Then I said, "Fk vista." So now I have two computers running 7, straight up. And I was not planning on upgrading. It runs very well, little to no problems. Will there be security holes? Yes, it's a coded system. No such thing as perfect security.

    Yes, everyone tells me that windoze 7 is so awesome.... I would just like to see their faces if they saw this exploit running.
    Ever used it? Oh and my face would look the same as it would look if I saw an exploit running on any OS. I hope you see why this is causing a fuss. A comment like that would indicate that you think that just because the OS is "awesome" that it is perfect. It's not. We know that.

    Sorry for the rant. I tried not to reply to this thread early on.
    "You're only smoke and mirrors..."
