Nmap Development mailing list archives

Re: [NSE] samba-vuln-cve-2017-7494.nse: Script to detect CVE-2017-7494


From: Paulino Calderon <paulino () calderonpale com>
Date: Fri, 26 May 2017 10:58:39 -0500

Hey,
Good job Wong. Just yesterday I spotted a bug that is preventing smb.lua from
connecting to modern versions of Windows. I think it might also affect your
script as it seems to affect all smb scripts.

The library has support for file write operations so it can easily be
implemented in the check as well. Maybe we don't need to drop an actual
file but detecting a writable directory could be enough.

Let me work on the patch and I'll send you more feedback about your script.

Cheers.

On 26 May 2017 10:40 AM, "Wong Wai Tuck" <wongwaituck () gmail com> wrote:

Hey all,

I've been working on the vulnerability detection script [1] since
yesterday and would like to share what I've done so far. I have attached
the script in this email as well.

The script currently checks for the following before determining whether
it is vulnerable:
  1) whether the service running is the correct version of Samba
  2) whether there exist writable shares for the execution of the script
  3) whether the workaround (disabling of named pipes, i.e. nt pipe
support = no) was applied

You can see it in action here [2].

Really grateful for my mentor, George, who pointed out the vulnerability
to me when it was released, and who patiently gave me prompt feedback as I
wrote the script. I made reference to the Metasploit module as it was being
developed, so really grateful for the discussion there [3].

We will be polishing the script over the weekend and we're thinking about
adding a more concrete check, i.e. actually writing a file into the share
and accessing it. We would appreciate any feedback on this and any help to
test the script against other targets!

Thanks and have a great weekend all!

[1]: https://gist.github.com/wongwaituck/62c863ba7aa28a2d22d0fe9cbe14a18b
[2]: https://www.youtube.com/watch?edit=vd&v=JuPZc7um8x4
[3]: https://github.com/rapid7/metasploit-framework/pull/8450

With Regards
Wai Tuck

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
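As an added example (not Wong's NSE script, and written in Python rather than NSE Lua), the three signals listed above combined into a verdict. The per-branch fixed releases are those of the upstream Samba advisory for CVE-2017-7494 (4.6.4, 4.5.10, 4.4.14); the banner string, share list and named-pipe flag are assumed to have been collected by the SMB probe already.

```python
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# First fixed release per supported branch, from the upstream Samba advisory
# for CVE-2017-7494. The affected range starts at 3.5.0; branches older than
# 4.4 never received an upstream fix, and 4.7+ shipped with the fix.
FIXED_IN = {(4, 6): (4, 6, 4), (4, 5): (4, 5, 10), (4, 4): (4, 4, 14)}
FIRST_AFFECTED: Version = (3, 5, 0)
FIRST_UNAFFECTED_BRANCH: Version = (4, 7, 0)


def parse_samba_version(banner: str) -> Optional[Version]:
    """Extract (major, minor, patch) from a banner such as 'Samba 4.5.8-Debian'."""
    m = re.search(r"Samba\s+(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def version_is_affected(version: Version) -> bool:
    """True if an upstream Samba of this version lacks the fix.
    Caveat: distributions backport fixes without bumping the version, so a
    banner match alone can be a false positive (hence the write-test idea)."""
    if version < FIRST_AFFECTED:
        return False
    fixed = FIXED_IN.get(version[:2])
    if fixed is None:
        return version < FIRST_UNAFFECTED_BRANCH
    return version < fixed


def assess(banner: str, writable_shares: List[str], nt_pipe_support: bool) -> Dict[str, str]:
    """Combine the three signals: version, writable shares, and whether the
    'nt pipe support = no' workaround is in place (assumed probed already)."""
    version = parse_samba_version(banner)
    if version is None:
        return {"state": "NOT_APPLICABLE", "reason": "service is not Samba"}
    if not version_is_affected(version):
        return {"state": "NOT_VULNERABLE", "reason": "version carries the fix"}
    if not nt_pipe_support:
        return {"state": "MITIGATED", "reason": "nt pipe support = no workaround applied"}
    if not writable_shares:
        return {"state": "UNLIKELY", "reason": "affected version but no writable share found"}
    return {"state": "LIKELY_VULNERABLE",
            "reason": "affected version, named pipes enabled, writable share(s): "
                      + ", ".join(writable_shares)}
```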
