| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 26 Jul 2003 19:53:21 -0700 (PDT) From: S G Masood <sgmasood@...oo.com> To: bugtraq@...urityfocus.com Subject: Re: DCOM RPC exploit (dcom.c) Hello list, The Dcom.c compiles neatly on Cygwin with GCC 3.2 when the "#include <error.h>" line is removed. *Very* accurate. If the machine is vulnerable, the exploit will almost always succeed on the first attempt. I've successfully tested it on about 16 boxes and each one was rooted on the first try. Among these were Win2k with SP0, SP1, SP3 while two were WinXP(SP level not known). Before running the exploit, the machines were confirmed as vulnerable with the Eeye tool(on a side note, while the Eeye tool did recognise many vulnerable boxes, it failed to recognise some of them, though, they were vulnerable). One glitch is that the exploitation is not very stealth. All RPC/COM based functions stop working completely after exploitation and fail to heal until the machine is restarted. Many of these functions are quite visible and easily noticeable(drag&drop, clipboard, property sheets, etc., for example). This happens without exception. The exploit mostly times out when run against remote hosts. Hope we are all patched before Tim Mullen's "Mescaline"(http://securityfocus.com/columnists/174) becomes a reality. One last advice - think twice before doing any thing risky with the exploit. Though highly accurate, it is very noisy. Regards, S.G.Masood Hyderabad, India. __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com
Powered by blists - more mailing lists