August 29th, 2002, 04:24 AM
I stumbled upon an old, but new Microsoft OS bashing application today circulating within the underground that I thought worthy to share with the security community. The application is called SMBDie.exe and is extremely effective in forcing any Microsoft operating system (including XP) to restart (check out the Nomad Mobile Research Center for more info). Many of you will probably think of WinNuke when hearing of this functionality, but this application is much cleaner, quicker, and more effective than the WinNuke app. SMBDie would be extremely effective to complete the installation of trojans or backdoors on any network (along with causing general havoc). The only information required to get it to work is the computer IP address and the NETBIOS name. After conducting testing in a lab situation, the application performed as promised--within seconds, the target system was shutting down and restarting.
Of course, if the network you are minding is security conscious, information such as the NETBIOS name will not be allowed outside of the firewall(s) and the port necessary to use this application should also be closed. However, as security professionals, we need to be conscious of the stealth and potential damage to be caused by internal users. Due to the functionality of the Microsoft operating system suite, it is readily impossible to shut down SMB and still have a usable, networked OS.
Just a heads up to everyone to watch for it in their network.
"The most beautiful thing we can experience is the mysterious. It is the source of all true art and science."
~ Albert Einstein ~
August 29th, 2002, 04:52 PM
I have also tested out this new exploit on my network and it crumbled an NT machine. I also tested it on my friend's XP box, with permission of course, and it failed. The only security he has on his box is the XP firewall on. I am not nearly an expert and have not looked further into it, but it appears to prevent it from working on XP.
August 29th, 2002, 05:09 PM
This exploit is fully covered in Bugtraq. Just go to http://www.securityfocus.com
Civilization. The death of dreams.