Search the Community
Showing results for tags 'smb'.
SPEAR - Redirect to SMB April 13, 2015 By Brian Wallace We’ve uncovered a new technique for stealing sensitive login credentials from any Windows PC, tablet or server, including ones running previews of the yet-to-be-released Windows 10 operating system. Software from at least 31 companies including Adobe, Apple, Box, Microsoft, Oracle and Symantec can be exploited using this vulnerability, which we have dubbed Redirect to SMB. Carnegie Mellon University CERT disclosed the vulnerability to the public today (#VU672268), following six weeks of working with vendors to help them mitigate the issu
This is a general-purpose module for exploiting conditions where a HTTP request triggers a DLL load from an specified SMB share. This Metasploit module serves payloads as DLLs over an SMB service and allows an arbitrary HTTP URL to be called that would trigger the load of the DLL. ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ManualRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::SMB::Server::Sha