Android App “tests” Windows Vulnerability

android_windows_vulnerability_checker

An Android App for “testing” the Windows SMB2 vulnerability we covered last week has been released. For testing? Yeah right! The availability of this kind of software makes it ridiculously easy for anybody to go out and cause some havoc. Go right now and double check that your machines that run Windows Vista or Windows Server 2008 are protected (see the “workarounds” section.)

[Thanks Tom101]

48 thoughts on “Android App “tests” Windows Vulnerability

  1. Lame, this app is a rip off of the one posted in the comments of the SMB news last week:
    http://hackaday.com/2009/09/09/windows-7-and-vista-crash-via-smb-exploit/#comment-93162

    Why would you take a free app and make your own priced version and an ad-supported version to try and profit from?

    The flaw was not found by me, and even if it had been, why should I try to make money off it? It’s a testing tool for easy testing on your own home/office/clients networks.

    Not cool, Tom.

  2. @Brad,

    Alright, I’ll rephrase – the question should’ve looked more like: why would you make yourself look like a jerk by attempting to profit from other people’s work/ideas/etc?

    The original tool I created was an Android PoC of Laurent Gaffié’s findings posted to seclists, provided for testing of their home/office/clients’ networks (or if people really wanted, for fun with their friends) for FREE.

    Sorry, I’m just a bit of an advocate of free software, free information, etc.
    If someone wants to profit from their own work, then that’s fine. However, taking others’ ideas or work and trying to make a profit from it – that’s simply not cool in my books.

  3. @m0zzie

    You’ve already contacted me on twitter to tell me off you don’t need to do it here too. I didn’t rip off your app yours wasn’t aware of your app when I started mine. I was also inspired by Laurent Gaffié’s post. I’m not profiting at all; the couple of cents, and that really is all, thats come of the advertising doesn’t nearly cover the $25 I paid to become a developer to publish it. You have a donate button on your site, I see the paid app as more or less the same thing. People are free to use whichever version they want thats one of the great things about the +10000 app market we have. I’m not interested in getting in a flame war.

  4. I thought the same.

    anyway, I do feel kinda stupid right now, I guess I didn’t completely understand the article, and everything being in Englush doesn’t help alot. the fact that I said that I’m glad at using a mac is because I thought this only occurs at windows.

    ugh.

  5. @Sander

    The reason you were being mocked is that the 192.168.x.x is a class C IP address that is only used for internal networks. My ip starts with 192.168. as well, and so do a lot of other networks’ IP ranges.

    Similarly, the 127.0.0.1 address is the address that always points to your own computer – it is basically a virtual(e.g. not a physical one) that is used to connect to your own computer, for IPC stuff and some much more complicated stuff. So when someone says their IP is 127.0.0.1, they’re right, but so is yours, etc, to simplify.

  6. Now that i double cheked the list of os’s that are vunrable, i dont get why the vista box doesn’t shuts down.
    It’s right there on the list.
    Hmm portscan diden’t found the box.
    Aah silly me.
    That box is on a switch before my wlan.

  7. @The_Evil_Machinist
    That is odd, suppose it’s to stop bricking apps and the like though. Caps…didn’t even notice until you pointed it out, how long have we had this? It wasn’t here the other week on the apple fake math post. It’ll be gone soon as someone comes along and shouts “F1R5T P0S7!!1!!ONE!!!”.

  8. @moron4hire

    i want them to know that it has to be fixed, and now. or else i will keep doing it. its fun as hell to watch my teacher cursing in Chinese as his computer bsod in the middle of logging grades, or during a presentation, and during roll call. its for teh lulz.

  9. The Jailbreak team is trying to prove that there is nothing wrong with what there doing. So they were trying to protect themselves and the jailbreak. There are unofficial ways of getting software onto cydia but setting up a cydia repository is quite hard (well for me). It all comes down to Apple vs Linux. If anyone is running os 2.whatever on there iphone or ipod touch, I can set up a download link to a xcode project file so you can just transfer it to the device for “debugging”. Apple got rid of that feature in os 3.0 because of shitheads like us!!

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.