w0rk3r's Windows Hacking Library

CVE-2019-1040 scanner

Checks for CVE-2019-1040 vulnerability over SMB. The script will establish a connection to the target host(s) and send an invalid NTLM authentication. If this is accepted, the host is vulnerable to CVE-2019-1040 and you can execute the MIC Remove attack with ntlmrelayx.

Note that this does not generate failed login attempts as the login information itself is valid, it is just the NTLM message integrity code that is absent, which is why the authentication is refused without increasing the badpwdcount.

https://github.com/fox-it/cve-2019-1040-scanner

@WindowsHackingLibrary

GitHub

GitHub - fox-it/cve-2019-1040-scanner

Contribute to fox-it/cve-2019-1040-scanner development by creating an account on GitHub.

www.tgoop.com/windowshackinglibrary/411

1.4K viewsJonhnathan Jonhnathan Jonhnathan, Jun 24, 2019 at 17:13

CVE-2019-1040 scanner

Checks for CVE-2019-1040 vulnerability over SMB. The script will establish a connection to the target host(s) and send an invalid NTLM authentication. If this is accepted, the host is vulnerable to CVE-2019-1040 and you can execute the MIC Remove attack with ntlmrelayx.

Note that this does not generate failed login attempts as the login information itself is valid, it is just the NTLM message integrity code that is absent, which is why the authentication is refused without increasing the badpwdcount.

https://github.com/fox-it/cve-2019-1040-scanner

@WindowsHackingLibrary

BY w0rk3r's Windows Hacking Library