I'm SMBGhost, daba dee daba da

This blogpost exists because of a mistake by Microsoft: it publicly released an advance warning for CVE-2020-0796. CVE-2020-0796, also nicknamed "SMBGhost" or "Coronablue", is a vulnerability affecting SMBv3.1.1 servers and clients, and at the time of writing (12/03/2020) it has no fix.

An advance warning is something Microsoft gives to its "important" partners (think multinational firms and institutions) to warn them that a vulnerability has been found in its codebase before a fix has been released. That way those partners can mitigate the risk while waiting for the official patch. These advance warnings are usually not public, for good reason. However, on March 9 2020, MSRC (Microsoft Security Response Center) publicly released ADV200005: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/adv200005 ([1])

According to @zerosum0x0 ([2]), who has analyzed WannaCry in the past, the bug is trivial to find but not so easy to exploit. Unlike most 1-day writeups, where the story begins with binary diffing, in this case we don't have the patched version yet, so the bug must be uncovered using only intuition and experience.

This is how you can do it.