From 435ea807a4305e5298282419401bf113d1ccdaa9 Mon Sep 17 00:00:00 2001
From: HD Moore
Date: Tue, 11 Nov 2008 20:46:21 +0000
Subject: [PATCH] Update the description and references to reflect (hah) MS08-068

git-svn-id: file:///home/svn/framework3/trunk@5890 4d416f70-5f16-0410-b530-b9f4589650da
---
 modules/exploits/windows/smb/smb_relay.rb | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/modules/exploits/windows/smb/smb_relay.rb b/modules/exploits/windows/smb/smb_relay.rb
index 98f5c0c3f0..b64d9cad89 100644
--- a/modules/exploits/windows/smb/smb_relay.rb
+++ b/modules/exploits/windows/smb/smb_relay.rb
@@ -53,6 +53,13 @@ class Metasploit3 < Msf::Exploit::Remote
 The SMB authentication relay attack was first reported by Sir Dystic on March 31st, 2001 at @lanta.con in Atlanta, Georgia.
+ On November 11th 2008 Microsoft released bulletin MS08-068. This bulletin
+ includes a patch which prevents the relaying of challenge keys back to
+ the host which issued them, preventing this exploit from working in
+ the default configuration. It is still possible to set the SMBHOST
+ parameter to a third-party host that the victim is authorized to access,
+ but the "reflection" attack has been effectively broken.
+
 },
 'Author' =>
 [
@@ -73,6 +80,9 @@ class Metasploit3 < Msf::Exploit::Remote
 },
 'References' =>
 [
+ [ 'MSB', 'MS08-068'],
+ [ 'CVE', '2008-4037'],
+ [ 'URL', 'http://blogs.technet.com/swi/archive/2008/11/11/smb-credential-reflection.aspx'],
 [ 'URL', 'http://en.wikipedia.org/wiki/SMBRelay' ],
 [ 'URL', 'http://www.microsoft.com/technet/sysinternals/utilities/psexec.mspx' ],
 [ 'URL', 'http://www.xfocus.net/articles/200305/smbrelay.html' ]
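Review bot: In the added paragraph of the first hunk, "the default configuration" does not say whose default is meant; the next sentence about setting SMBHOST suggests it is the module's own default (presumably relaying back to the connecting host when SMBHOST is unset), not the state of a patched Windows host. Naming it, e.g. `preventing this exploit from working when SMBHOST is left at its default`, would make the paragraph unambiguous, provided that is in fact the default, which these lines do not show. The last added line is an empty line directly before the closing `},`, so the description text gains a blank line at its end; it looks unintended and can be dropped. The description literal opens before the hunk and the surrounding definition continues past it.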
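Review bot: In the second hunk the three added reference entries close with `'],` while the existing entries in the same list close with `' ],`; writing them as `[ 'MSB', 'MS08-068' ],` and `[ 'CVE', '2008-4037' ],` (and likewise the TechNet URL entry) keeps the list uniform. The 'References' array opens before the hunk and continues after it, so only the visible entries were compared.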