Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2009-3103 PoC — Microsoft Windows Vista和Windows 7畸形SMB报文远程拒绝服务漏洞

Source
https://github.com/Sic4rio/CVE-2009-3103---srv2.sys-SMB-Code-Execution-Python-MS09-050-
Associated Vulnerability
Title:Microsoft Windows Vista和Windows 7畸形SMB报文远程拒绝服务漏洞 (CVE-2009-3103)
Description:Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka "SMBv2 Negotiation Vulnerability." NOTE: some of these details are obtained from third party information.
Description
Microsoft Windows - 'srv2.sys' SMB Code Execution (Python) (MS09-050)
Readme
# Microsoft-Windows---srv2.sys-SMB-Code-Execution-Python-MS09-050-
Microsoft Windows - 'srv2.sys' SMB Code Execution (Python) (MS09-050)

# Exploit for CVE-2009-3103

## Overview

This Python script is an updated version of a public exploit for CVE-2009-3103. The original code relied on the SMB.connection module, which has been replaced in this version to make the script more versatile and compatible.

## Description

The exploit targets a specific vulnerability (CVE-2009-3103) and injects a payload into a target system, triggering an authentication event to execute the payload.

## Usage

1. Clone the repository:

    ```bash
    git clone <repository-url>
    ```

2. Run the exploit script with the target IP:

    ```bash
    python exploit.py <target-ip>
    ```

## Disclaimer

This script is provided as-is and for educational purposes. Be aware of the legal implications of using such tools in unauthorized environments. Use responsibly and with proper authorization.

## Credits

Original exploit source: [Original Exploit]([https://github.com/ohnozzy/Exploit](https://www.exploit-db.com/exploits/40280))

## License

This project is licensed under the [MIT License](LICENSE).
File Snapshot

 [4.0K]  /data/pocs/4e1f7dd00dd7e2875951e6598125176542a33f3f
├── [4.5K]  MS09-050.py
└── [1.2K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →