lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
From: jasper599 at hotmail.com (Jasper Blackwell)
Subject: RE: RE: MSblast worm

Thanks for your answers all.

TC's answer raises an interesting question for me. Does anyone know what 
exploit is being used as part of the MSBlast worm? I am aware that there are 
different versions of the DCOM32 exploit, some of these versions require you 
to determine what service pack is on the machine and others use the 
universal offsets and therefore only require you to figure out whether it is 
2000 or XP that is to be exploited. I am guessing here that as it may well 
be the original DCOM32 exploit that the worm does not use the universal 
offsets, can anyone give me a definite answer?

Also is anyone else in the situation that they have 2000 machines which are 
pre SP3 which are not infected, and 2000 machines with SP3 or above that are 
infected? Is there anyone out there with 2000 machines and SP2 or below that 
are infected?

>The version we have here does not spread to W2000 boxes until they get SP3 
>installed. Then they are immediately compromised. NT4 did not infect.
>
>tc
>
>Quoting Mike.Keighleylexicon.co.uk:
>
>>
>>Ah, yes. The vulnerability does indeed exist in NT. But with respect, what 
>>Jasper asks is whether the *MSblast worm* affects NT ? The exploit code 
>>and discussions on here seem to suggest it targets only 2000 and XP.
>>
>>Does *this exploit* target NT successfully ? Not that I have seen / heard. 
>>Could an exploit be written which exploits NT ? Oh yes.
>>
>>--
>>Mike

_________________________________________________________________
Sign-up for a FREE BT Broadband connection today! 
http://www.msn.co.uk/specials/btbroadband

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ