Nmap Development mailing list archives

[NSE] samba-vuln-cve-2017-7494.nse: Script to detect CVE-2017-7494


From: Wong Wai Tuck <wongwaituck () gmail com>
Date: Fri, 26 May 2017 15:40:13 +0000

Hey all,

I've been working on the vulnerability detection script [1] since yesterday
and would like to share what I've done so far. I have attached the script
in this email as well.

The script currently checks for the following before determining whether it
is vulnerable:
  1) whether the service running is the correct version of Samba
  2) whether there exist writable shares for the execution of the script
  3) whether the workaround (disabling of named pipes, i.e. nt pipe support
= no) was applied

You can see it in action here [2].

Really grateful for my mentor, George, who pointed out the vulnerability to
me when it was released, and who patiently gave me prompt feedback as I
wrote the script. I made reference to the Metasploit module as it was being
developed, so really grateful for the discussion there [3].

We will be polishing the script over the weekend and we're thinking about
adding a more concrete check, i.e. actually writing a file into the share
and accessing it. We would appreciate any feedback on this and any help to
test the script against other targets!

Thanks and have a great weekend all!

[1]: https://gist.github.com/wongwaituck/62c863ba7aa28a2d22d0fe9cbe14a18b
[2]: https://www.youtube.com/watch?edit=vd&v=JuPZc7um8x4
[3]: https://github.com/rapid7/metasploit-framework/pull/8450

With Regards
Wai Tuck

Attachment: samba-vuln-cve-2017-7494.nse
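As an added example (not the attached script, nor Nmap or Samba project code): a Python check of points 2 and 3 above from the server's own smb.conf, for an administrator confirming the workaround and listing writable shares on a host they manage. The config sample is constructed; it assumes Samba's documented rules that parameter names match ignoring case and whitespace, that comments occupy whole lines, and that 'writable'/'writeable' are inverted synonyms of 'read only' where the last setting wins.

```python
import re

# Constructed sample smb.conf, not taken from any real host.
SAMPLE_SMB_CONF = """[global]
   NT Pipe Support = no
[public]
   path = /srv/samba/public
   read only = no
[archive]
   writable = yes
   read only = yes
"""

def parse_smb_conf(text):
    """{section: {key: value}}; keys lower-cased, whitespace stripped, as Samba matches them."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # Samba comments occupy whole lines
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            sections[current][re.sub(r"\s+", "", key).lower()] = value.strip()
    return sections

def smb_bool(value, default):
    """Samba boolean syntax; a missing or unrecognised value yields the default."""
    v = (value or "").strip().lower()
    return True if v in ("yes", "true", "1") else False if v in ("no", "false", "0") else default

def workaround_applied(conf):
    """Check 3 from the post: 'nt pipe support = no' in [global] (Samba default is yes)."""
    return not smb_bool(conf.get("global", {}).get("ntpipesupport"), True)

def writable_shares(conf):
    """Check 2 from the post: shares whose effective 'read only' is no ('writable' is its inverted synonym; last set wins)."""
    shares = []
    for name, params in conf.items():
        read_only = True                      # Samba default for a share
        for key, value in params.items():
            if key == "readonly":
                read_only = smb_bool(value, True)
            elif key in ("writable", "writeable"):
                read_only = not smb_bool(value, False)
        if name != "global" and not read_only:
            shares.append(name)
    return shares
```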

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
