
Thread: MS08-067 POCs?

  1. #1
    Just burned his ISO, joined Aug 2007, 9 posts

    MS08-067 POCs?

    Anyone know of a public POC for MS08-067? My employer is interested in specific details I can only get by A) screwing around in IDA Pro looking for the function call that b0rks this; or B) reading through a proof-of-concept, familiarizing myself with the SMB protocol in context, and figuring out exactly what's going on here.

    The best I've found is an explanation on MSDN (which I'm not allowed to post yet, since I need to make 15 or more posts...), but it only helps with (A).


    (Note that, among other things, it's always possible to grab the patch itself, compare its contents to the currently installed DLLs, and look at the changes specifically... not the easiest thing in the world but doable, just very time consuming for us rank amateurs in the exploit dev arena, and assumes you can make sense of what you read)
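As an added example (not code from any post in this thread), here is the first mechanical step of the patch-diffing approach described above: parse the section table of the pre- and post-hotfix binaries, report which sections changed, then chop .text at x86 function prologues and hash the chunks so that identical routines cancel out and only the touched ones are left to open in a disassembler. The two "DLLs" are constructed in-memory fixtures built by a tiny PE builder; the prologue heuristic, the sample routines and the bounds check added to one of them are all assumptions made for the demonstration, not anything taken from the real patch.

```python
"""Crude patch-diffing helper: which .text routines differ between two PE files.

Added example, not code from this thread.  OLD_DLL/NEW_DLL are constructed
fixtures; read real pre- and post-hotfix binaries as bytes to diff actual files.
"""
import hashlib
import struct

# Common x86 function prologue (push ebp; mov ebp, esp).  Chunking on it is a
# heuristic stand-in for real function identification: enough to shortlist
# routines the hotfix touched before opening the pair in a disassembler.
PROLOGUE = b"\x55\x8b\xec"


def pe_sections(image):
    """Return {section_name: raw_bytes} parsed from the PE section table."""
    if image[:2] != b"MZ":
        raise ValueError("not a PE image (no MZ header)")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image (no PE signature)")
    coff = e_lfanew + 4
    nsect = struct.unpack_from("<H", image, coff + 2)[0]
    opt_size = struct.unpack_from("<H", image, coff + 16)[0]
    table = coff + 20 + opt_size
    sections = {}
    for i in range(nsect):
        name, _vsize, _vaddr, rawsize, rawptr = struct.unpack_from(
            "<8sIIII", image, table + 40 * i)
        sections[name.rstrip(b"\0").decode("ascii", "replace")] = image[rawptr:rawptr + rawsize]
    return sections


def changed_sections(old_image, new_image):
    """Names of sections whose raw bytes differ (or that exist in only one file)."""
    old, new = pe_sections(old_image), pe_sections(new_image)
    return sorted(n for n in set(old) | set(new) if old.get(n) != new.get(n))


def split_functions(text):
    """Split .text at every prologue; returns [(offset, chunk_bytes), ...]."""
    starts, pos = [], text.find(PROLOGUE)
    while pos != -1:
        starts.append(pos)
        pos = text.find(PROLOGUE, pos + 1)
    return [(s, text[s:e]) for s, e in zip(starts, starts[1:] + [len(text)])]


def diff_functions(old_image, new_image):
    """Hash every prologue-delimited chunk of both .text sections and cancel the
    identical ones.  Returns (old_only, new_only): chunk offsets in the old file
    with no byte-identical twin in the new file, and vice versa."""
    old = split_functions(pe_sections(old_image)[".text"])
    new = split_functions(pe_sections(new_image)[".text"])
    digest = lambda chunk: hashlib.sha256(chunk).digest()
    old_hashes = {digest(c) for _, c in old}
    new_hashes = {digest(c) for _, c in new}
    return ([off for off, c in old if digest(c) not in new_hashes],
            [off for off, c in new if digest(c) not in old_hashes])


def build_pe(sections):
    """Build a minimal PE image from {name: bytes}.  Test fixture only: it has
    no optional header, so it parses but would never load."""
    hdr_end = 0x40 + 4 + 20 + 40 * len(sections)
    raw_off = (hdr_end + 0x1FF) & ~0x1FF                   # 0x200 file alignment
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x2102)
    table, body, rva = b"", b"", 0x1000
    for name, data in sections.items():
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                             len(data), rva, len(data), raw_off + len(body),
                             0, 0, 0, 0, 0x60000020)
        body += data.ljust((len(data) + 0x1FF) & ~0x1FF, b"\0")
        rva += 0x1000
    return (dos + b"PE\0\0" + coff + table).ljust(raw_off, b"\0") + body


def _fn(body):
    """push ebp; mov ebp,esp; <body>; pop ebp; ret  (constructed sample routine)."""
    return PROLOGUE + body + b"\x5d\xc3"


# Constructed sample: three routines; only the middle one gains a bounds check
# (cmp eax,[ebp+0Ch]; jae over the load) in the "patched" build.
OLD_TEXT = _fn(b"\x33\xc0") + _fn(b"\x8b\x45\x08\x8a\x00") + _fn(b"\xb8\x01\x00\x00\x00")
NEW_TEXT = _fn(b"\x33\xc0") + _fn(b"\x8b\x45\x08\x3b\x45\x0c\x73\x02\x8a\x00") + _fn(b"\xb8\x01\x00\x00\x00")
OLD_DLL = build_pe({".text": OLD_TEXT, ".data": b"\x01\x02\x03\x04"})
NEW_DLL = build_pe({".text": NEW_TEXT, ".data": b"\x01\x02\x03\x04"})

if __name__ == "__main__":
    print("sections that changed:", changed_sections(OLD_DLL, NEW_DLL))
    old_only, new_only = diff_functions(OLD_DLL, NEW_DLL)
    print("old .text chunks with no match in patched file:", [hex(o) for o in old_only])
    print("patched .text chunks with no match in old file:", [hex(o) for o in new_only])
```

On the fixture this narrows the work to one chunk at offset 7 in each file. On a real DLL pair the raw-hash approach over-reports: any code shift changes the relative displacements of every later call and jump, so routines that were not edited still hash differently, and compiler re-layout adds more noise. Masking displacement bytes before hashing, or handing the pair to a graph-based differ such as BinDiff or Diaphora, is what turns this shortlist into the actual changed functions; either way, confirm with the file version resource that the "old" file really is the pre-hotfix build before spending time in the disassembler.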

  2. #2

    Pay Immunity for it.

  3. #3
    Member, joined Dec 2007, location @InterN0T, 315 posts

    SecurityFocus and Milw0rm have the same proof of concept for it. If you wait long enough, you might be lucky and someone will release a Metasploit module for it. Though I'm looking into it at the moment, just to see if it's possible for my low intelligence to exploit it.

    I don't know exactly right now how the flow and control is in the exploit/vulnerability, so I guess you could try starting to debug the service and try it out yourself?

  4. #4
    thorin (My life is this forum), joined Jan 2010, 2,629 posts

    http://boards.cexx.org/index.php?act...;topic=17890.0 provides lots of info sources. I'm hunting a POC.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  5. #5
    thorin (My life is this forum), joined Jan 2010, 2,629 posts

  6. #6
    thorin (My life is this forum), joined Jan 2010, 2,629 posts

  7. #7
    williamc (Good friend of the forums), joined Feb 2010, location Chico CA, 285 posts

  8. #8
    Just burned his ISO, joined Feb 2006, 24 posts

    Wesley McGrew has a lot of good links as well

    http://www.mcgrewsecurity.com/2008/10/24/ms08-067/
    Mubix
    CERT / Hacker / Security Enthusiast

  9. #9
    hawaii67 (Member), joined Feb 2006, 318 posts

  10. #10
    thorin (My life is this forum), joined Jan 2010, 2,629 posts

    Funny!
    This bug is pretty interesting, because it is in the same area of code as the MS06-040 buffer overflow, but it was completely missed by all security researchers and Microsoft. It's quite embarrassing.
    Yet, scary at the same time.
