The tag ‘impact’ of plugin “Microsoft Windows SMB/NETBIOS NULL Session Authentication Bypass Vulnerability” says that: “Successful exploitation could allow attackers to use shares to cause the system to crash.”, and the tag ‘insight’ says that “The flaw is due to an SMB share, allows full access to Guest users. If the Guest account is enabled, anyone can access the computer without a valid user account or password.”. Can anyone give me a link to a poc about these impact and insight descriptions?
I already searched about this but didn’t find any, the common exploit I found is “enumerate lists of users, groups, shares and other interesting information from remote Windows systems.”
I have the same question.
Hey,
the NVTs description and the referenced advisory clearly state that the root of the problem lies within an unsecurely configured SMB share. The vulnerability itself deals with figuring out whether a share is accessible without password or not.
IMHO you don’t need a specific PoC after accessing a share unauthenticated. Any guide on “how to crash SMB” will probably suffice. The available exploit which enumerates the share is already abusing the described vulnerability - just without flat out DoS’ing it.
1 Like