lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20030727025321.64988.qmail@web11001.mail.yahoo.com>
Date: Sat, 26 Jul 2003 19:53:21 -0700 (PDT)
From: S G Masood <sgmasood@...oo.com>
To: bugtraq@...urityfocus.com
Subject: Re: DCOM RPC exploit (dcom.c)


Hello list,


The Dcom.c compiles neatly on Cygwin with GCC 3.2 when
the "#include <error.h>" line is removed.

*Very* accurate. If the machine is vulnerable, the
exploit will almost always succeed on the first
attempt.

I've successfully tested it on about 16 boxes and each
one was rooted on the first try. Among these were
Win2k with SP0, SP1, SP3 while two were WinXP(SP level
not known). Before running the exploit, the machines
were confirmed as vulnerable with the Eeye tool(on a
side note, while the Eeye tool did recognise many
vulnerable boxes, it failed to recognise some of them,
though, they were vulnerable).

One glitch is that the exploitation is not very
stealth. All RPC/COM based functions stop working
completely after exploitation and fail to heal until
the machine is restarted. Many of these functions are
quite visible and easily noticeable(drag&drop,
clipboard, property sheets, etc., for example). This
happens without exception.

The exploit mostly times out when run against remote
hosts.

Hope we are all patched before Tim Mullen's
"Mescaline"(http://securityfocus.com/columnists/174)
becomes a reality.

One last advice - think twice before doing any thing
risky with the exploit. Though highly accurate, it is
very noisy.


Regards,

S.G.Masood

Hyderabad,
India.

__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ