diff --git a/modules/exploits/windows/smb/smb_relay.rb b/modules/exploits/windows/smb/smb_relay.rb
index 98f5c0c3f0..b64d9cad89 100644
--- a/modules/exploits/windows/smb/smb_relay.rb
+++ b/modules/exploits/windows/smb/smb_relay.rb
@@ -53,6 +53,13 @@ class Metasploit3 < Msf::Exploit::Remote
 The SMB authentication relay attack was first reported by Sir Dystic on March 31st, 2001 at @lanta.con in Atlanta, Georgia.
+ On November 11th 2008 Microsoft released bulletin MS08-068. This bulletin
+ includes a patch which prevents the relaying of challenge keys back to
+ the host which issued them, preventing this exploit from working in
+ the default configuration. It is still possible to set the SMBHOST
+ parameter to a third-party host that the victim is authorized to access,
+ but the "reflection" attack has been effectively broken.
+
 },
 'Author' =>
 [
@@ -73,6 +80,9 @@ class Metasploit3 < Msf::Exploit::Remote
 },
 'References' =>
 [
+ [ 'MSB', 'MS08-068'],
+ [ 'CVE', '2008-4037'],
+ [ 'URL', 'http://blogs.technet.com/swi/archive/2008/11/11/smb-credential-reflection.aspx'],
 [ 'URL', 'http://en.wikipedia.org/wiki/SMBRelay' ],
 [ 'URL', 'http://www.microsoft.com/technet/sysinternals/utilities/psexec.mspx' ],
 [ 'URL', 'http://www.xfocus.net/articles/200305/smbrelay.html' ]
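Review bot: In the first hunk, "preventing this exploit from working in the default configuration" does not say whose default is meant: the module's own settings or the patched host's. Since the paragraph is about relaying back to the issuing host, I would name that case directly, e.g. `the host which issued them, so relaying back to the connecting host fails once the patch is installed.` It would also help readers assessing their exposure to state plainly that MS08-068 does not address relaying to a different host, which the following sentence only implies, and to mention SMB signing as the control usually cited for that remaining case. The Description string begins before the hunk, so the rest of its wording is not visible here.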
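Review bot: The three reference entries added in the second hunk close with `']`, while the existing entries in the same array are written with a space before the bracket (`' ]`). Matching the surrounding style would give `[ 'MSB', 'MS08-068' ],` and `[ 'CVE', '2008-4037' ],`, and likewise for the new URL entry. The References array opens and closes outside the hunk.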