Nmap Development mailing list archives
Re: [NSE] samba-vuln-cve-2017-7494.nse: Script to detect CVE-2017-7494
From: Paulino Calderon <paulino () calderonpale com>
Date: Fri, 26 May 2017 10:58:39 -0500
Hey,

Good job Wong. Just yesterday I spotted a bug that is preventing smb.lua from connecting to modern versions of Windows. I think it might also affect your script as it seems to affect all smb scripts. The library has support for file write operations so it can easily be implemented in the check as well. Maybe we don't need to drop an actual file but detecting a writable directory could be enough. Let me work on the patch and I'll send you more feedback about your script.

Cheers.

On 26 May 2017 10:40 AM, "Wong Wai Tuck" <wongwaituck () gmail com> wrote:
Hey all,

I've been working on the vulnerability detection script [1] since yesterday and would like to share what I've done so far. I have attached the script in this email as well. The script currently checks for the following before determining whether it is vulnerable:

1) whether the service running is the correct version of Samba
2) whether there exist writable shares for the execution of the script
3) whether the workaround (disabling of named pipes, i.e. nt pipe support = no) was applied

You can see it in action here [2].

Really grateful for my mentor, George, who pointed out the vulnerability to me when it was released, and who patiently gave me prompt feedback as I wrote the script. I made reference to the Metasploit module as it was being developed, so really grateful for the discussion there [3].

We will be polishing the script over the weekend and we're thinking about adding a more concrete check, i.e. actually writing a file into the share and accessing it. We would appreciate any feedback on this and any help to test the script against other targets!

Thanks and have a great weekend all!

[1]: https://gist.github.com/wongwaituck/62c863ba7aa28a2d22d0fe9cbe14a18b
[2]: https://www.youtube.com/watch?edit=vd&v=JuPZc7um8x4
[3]: https://github.com/rapid7/metasploit-framework/pull/8450

With Regards
Wai Tuck

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
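The two configuration-side conditions the thread's script looks at, a writable share and the absence of the "nt pipe support = no" workaround, can also be audited on the Samba host itself from smb.conf. The following is an added example written for this archive page; it is not the NSE script discussed above and not Samba's own code. It parses an smb.conf text (the embedded sample is constructed), treats parameter names the way Samba does (case-insensitive, whitespace ignored, with writable/writeable/write ok as synonyms for the inverse of read only, and read only = yes as the default), and reports whether the workaround is set in [global] and which shares are writable. Function names (parse_smb_conf, workaround_applied, writable_shares, assess) are my own.

```python
"""Host-side audit of smb.conf for the CVE-2017-7494 workaround and writable shares.

Added example for the mailing-list archive; not the NSE script from the thread.
It reads configuration text only and never talks to a server.
"""
import re

# Constructed sample smb.conf, not taken from the thread or any real host.
SAMPLE_SMB_CONF = """
# constructed example configuration
[global]
    workgroup = WORKGROUP
    server string = %h server
    ; nt pipe support is left at its default (yes) here

[public]
    path = /srv/samba/public
    read only = no
    guest ok = yes

[homes]
    comment = Home Directories
    browseable = no

[upload]
    path = /srv/samba/upload
    Writeable = Yes
"""

# Synonyms Samba accepts for the inverse of "read only".
_WRITABLE_SYNONYMS = {"writable", "writeable", "writeok"}


def _norm_key(name):
    """Samba ignores case and whitespace in parameter names."""
    return re.sub(r"\s+", "", name).lower()


def _to_bool(value, default):
    """Interpret a Samba boolean; unknown or missing values fall back to default."""
    if value is None:
        return default
    v = value.strip().lower()
    if v in ("yes", "true", "1"):
        return True
    if v in ("no", "false", "0"):
        return False
    return default


def parse_smb_conf(text):
    """Return {section_name: {normalized_key: value}} for an smb.conf text."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # full-line comments only, as in smb.conf
            continue
        m = re.match(r"^\[(.+)\]$", line)
        if m:
            current = m.group(1).strip().lower()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key, value = _norm_key(key), value.strip()
        if key in _WRITABLE_SYNONYMS:
            # Store canonically as "read only" so that the last setting wins,
            # whichever synonym was used.
            value = "no" if _to_bool(value, False) else "yes"
            key = "readonly"
        sections[current][key] = value
    return sections


def workaround_applied(sections):
    """True when [global] explicitly sets nt pipe support = no (Samba default is yes)."""
    glob = sections.get("global", {})
    return _to_bool(glob.get("ntpipesupport"), True) is False


def writable_shares(sections):
    """Names of non-global shares that allow writes (read only defaults to yes)."""
    names = []
    for name, params in sections.items():
        if name == "global":
            continue
        if not _to_bool(params.get("readonly"), True):
            names.append(name)
    return sorted(names)


def assess(text):
    """Summarise the configuration: workaround state, writable shares, and whether
    both preconditions the detection script checks for are present."""
    sections = parse_smb_conf(text)
    shares = writable_shares(sections)
    mitigated = workaround_applied(sections)
    return {
        "workaround_applied": mitigated,
        "writable_shares": shares,
        "needs_attention": bool(shares) and not mitigated,
    }


if __name__ == "__main__":
    print(assess(SAMPLE_SMB_CONF))
```

Running it on the sample reports two writable shares (public via read only = no, upload via Writeable = Yes) and no workaround, so needs_attention is True; adding "nt pipe support = no" under [global] flips it to False while leaving the share list unchanged, which is the state an administrator wants to confirm after applying the workaround and before a version upgrade.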