Android app “tests” Windows vulnerability

android_windows_vulnerability_checker

An Android App for “testing” the Windows SMB2 vulnerability we covered last week has been released. For testing? Yeah right! The availability of this kind of software makes it ridiculously easy for anybody to go out and cause some havoc. Go right now and double check that your machines that run Windows Vista or Windows Server 2008 are protected (see the “workarounds” section.)

[Thanks Tom101]

48 thoughts on “Android app “tests” Windows vulnerability

  1. @Oler and aron: There’s been some confusion about this. It seems that the release version of Windows 7 is unaffected but versions prior to that will be susceptible.

  2. I’ve give similar apps a test. This one seems one of the best coded. Doesn’t crash when the ip can’t be found for example. Nice find.

  3. @The_Evil_Machinist: What repo will it be on, as this should be a fun pra… I mean, don’t do that, to much chaos will fall on this world. ;)

  4. Anyone know of a linux (not android-specific) version of this? I have a few windows machines at home that I would like to “test”.

  5. Lame, this app is a rip off of the one posted in the comments of the SMB news last week:

    http://hackaday.com/2009/09/09/windows-7-and-vista-crash-via-smb-exploit/#comment-93162

    Why would you take a free app and make your own priced version and an ad-supported version to try and profit from?

    The flaw was not found by me, and even if it had been, why should I try to make money off it? It’s a testing tool for easy testing on your own home/office/clients networks.

    Not cool, Tom.

  6. @m0zzie

    you seem to not know the definition of the word ‘profit’

    why would anyone do anything for profit?

    you’re answering your own question

  7. @Brad,

    Alright, I’ll rephrase – the question should’ve looked more like: why would you make yourself look like a jerk by attempting to profit from other people’s work/ideas/etc?

    The original tool I created was an Android PoC of Laurent Gaffié’s findings posted to seclists, provided for testing of their home/office/clients’ networks (or if people really wanted, for fun with their friends) for FREE.

    Sorry, I’m just a bit of an advocate of free software, free information, etc.
    If someone wants to profit from their own work, then that’s fine. However, taking others’ ideas or work and trying to make a profit from it – that’s simply not cool in my books.

  8. @m0zzie

    You’ve already contacted me on twitter to tell me off you don’t need to do it here too. I didn’t rip off your app yours wasn’t aware of your app when I started mine. I was also inspired by Laurent Gaffié’s post. I’m not profiting at all; the couple of cents, and that really is all, thats come of the advertising doesn’t nearly cover the $25 I paid to become a developer to publish it. You have a donate button on your site, I see the paid app as more or less the same thing. People are free to use whichever version they want thats one of the great things about the +10000 app market we have. I’m not interested in getting in a flame war.

  9. any app that does this “for testing purposes” should only allow private network addresses (e.g. 192.168.x.x, 172.x.x.x, 10.x.x.x, and 127.0.0.1 (mwahaha))

  10. See, I thought Hack-a-Day was about the glory of smashing together bits of technology to make cool things happen, not about enabling good-for-nothing script kiddies.

  11. I thought the same.

    anyway, I do feel kinda stupid right now, I guess I didn’t completely understand the article, and everything being in Englush doesn’t help alot. the fact that I said that I’m glad at using a mac is because I thought this only occurs at windows.

    ugh.

  12. @Sander

    The reason you were being mocked is that the 192.168.x.x is a class C IP address that is only used for internal networks. My ip starts with 192.168. as well, and so do a lot of other networks’ IP ranges.

    Similarly, the 127.0.0.1 address is the address that always points to your own computer – it is basically a virtual(e.g. not a physical one) that is used to connect to your own computer, for IPC stuff and some much more complicated stuff. So when someone says their IP is 127.0.0.1, they’re right, but so is yours, etc, to simplify.

  13. @Luizcake

    Ah, thanks alot for taking the time to explain it to me its alot clearer to me now!
    The fact that I didn’t knew this kinda made a fool out of me, lol.

    Thanks alot.

  14. Now that i double cheked the list of os’s that are vunrable, i dont get why the vista box doesn’t shuts down.
    It’s right there on the list.
    Hmm portscan diden’t found the box.
    Aah silly me.
    That box is on a switch before my wlan.

  15. App’s done! Submitting to cydia (big boss repo). Tested, works, and has fun flashy colors! Will post link to pic of it after I get off work!

  16. @tom101

    Needs approval still. I thought jailbreaking the iphone bypassed the approval process. Bullshit!
    OH HOLY BALLS WE HAVE CAPS!!!

  17. @The_Evil_Machinist
    That is odd, suppose it’s to stop bricking apps and the like though. Caps…didn’t even notice until you pointed it out, how long have we had this? It wasn’t here the other week on the apple fake math post. It’ll be gone soon as someone comes along and shouts “F1R5T P0S7!!1!!ONE!!!”.

  18. @tom101
    lol and then they will end up with the second post. Please editors/mods/writers, take away caps! For the love of god. Also, still waiting on approval.

  19. @nick
    Why do you have to crash the every computer on the network? Why can’t you just tell the admins that the machines need to be patched?

  20. @moron4hire

    i want them to know that it has to be fixed, and now. or else i will keep doing it. its fun as hell to watch my teacher cursing in Chinese as his computer bsod in the middle of logging grades, or during a presentation, and during roll call. its for teh lulz.

  21. Ok sad news for iPhone owners… Big Boss has rejected this app because of malicious content. (“_”) I’m crying inside. Well Time to set up my own repository!

  22. The Jailbreak team is trying to prove that there is nothing wrong with what there doing. So they were trying to protect themselves and the jailbreak. There are unofficial ways of getting software onto cydia but setting up a cydia repository is quite hard (well for me). It all comes down to Apple vs Linux. If anyone is running os 2.whatever on there iphone or ipod touch, I can set up a download link to a xcode project file so you can just transfer it to the device for “debugging”. Apple got rid of that feature in os 3.0 because of shitheads like us!!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s