Module ms17-010 is falsely reporting "not vulnerable", despite the target being vulnerable. #101
Assignees
Labels
bug
Something isn't working
Comments
|
@SebastianApel is this with the newest code from the |
|
@Marshall-Hallenbeck: I have tested both versions - both are not working. The code in the module seems not to be converted to python3 correctly, and the exceptions are masked by the way the try/except block is implemented. The python code in the following link is a python3 conversion from the original python2 code. It is working for me: |
|
@SebastianApel Okay thanks, we'll take a look and try to get a fix out! Appreciate the bug report. |
Marshall-Hallenbeck
added a commit
that referenced
this issue
Nov 9, 2023
Fix: update MS17-010 for Python3 properly; add debug logging
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
The module ms17-010 is always reporting "not vulnerable", despite the target being vulnerable.
This is because the module code itself is not working with python3, but the errors are being catched by the try/except/finally wrapper, more specifically the "except: return false" part.
To Reproduce
Expected behavior
The module should report vulnerable ms17-010 instances.
Screenshots
This screenshot was created after replacing line 437 with "raise" to propagate the error.
Additional information
The python code in the following link is a python3 conversion from the python2 code that was used for the module. The converted python3 version is working for me:
https://gist.github.com/mdawsonuk/caac9ec724abe4e70277c6a2478629da
The text was updated successfully, but these errors were encountered: