Metasploit mailing list archives

New SMB Relay Implementation --Incorporate sombi


From: stewart_fey at yahoo.com (Stewart Fey)
Date: Mon, 10 Nov 2008 20:40:15 -0800 (PST)

I might have mentioned this in the past but I would love to see Metasploit incorporate a "passive" exploit for the SMB 
Relay exploit.
Currently, you have to upload an executable, etc. (like other exploits) to run any code to get access to a box using SMB.

But since the exploit is really just passing a hash there isn't a need to have to download code which might get 
detected, leaves traces, etc.

Is anybody interested in incorporating the SOMBI code from Truesec for this? What the code does (which is open source 
and can be modified) 
is very similar to Metasploit's SMB listener, except that it connects back to the source with an admin share, no 
uploading of code required.

The code is a little buggy but I think it could be cleaned up by the smart folks at Metasploit (unfortunately, I'm not 
skilled enough to do it).

Incorporating this code would do the following:
        1. Make it cleaner for white hat pen testers to use the exploit without worrying about clean up.
        2. It would also keep the Anti-Virus software at bay.
Thoughts...? sombi can be downloaded here:

http://www.truesec.com/PublicStore/catalog/Downloads,223.aspx

--Stewart
