- CVEs with metasploit.description==This module is a port of the Equation Group ETERNALBLUE exploit, part of the FuzzBunch toolkit released by Shadow Brokers. There is a buffer overflow memmove operation in Srv!SrvOs2FeaToNt. The size is calculated in Srv!SrvOs2FeaListSizeToNt, with mathematical error where a DWORD is subtracted into a WORD. The kernel pool is groomed so that overflow is well laid-out to overwrite an SMBv1 buffer. Actual RIP hijack is later completed in srvnet!SrvNetWskReceiveComplete. This exploit, like the original may not trigger 100% of the time, and should be run continuously until triggered. It seems like the pool will get hot streaks and need a cool down period before the shells rain in again. The module will attempt to use Anonymous login, by default, to authenticate to perform the exploit. If the user supplies credentials in the SMBUser, SMBPass, and SMBDomain options it will use those instead. On some systems, this module may cause system instability and crashes, such as a BSOD or a reboot. This may be more likely with some payloads
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |