Microsoft Windows MS17-010 SMB Remote Code Execution
Posted by deepcore on April 19, 2017 – 6:29 am
This Metasploit module uses information disclosure to determine if MS17-010 has been patched or not. Specifically, it connects to the IPC$ tree and attempts a transaction on FID 0. If the status returned is “STATUS_INSUFF_SERVER_RESOURCES”, the machine does not have the MS17-010 patch. This Metasploit module does not require valid SMB credentials in default server configurations. It can log on as the user “” and connect to IPC$.
Post a reply
You must be logged in to post a comment.