lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <3F24572E.23562.1A4E04D@localhost>
From: m.graf at firmenwelt.de (Marcus Graf)
Subject: DCOM RPC exploit failed

Just 4 info:

I compiled dcom.c on linux and tried it against a 
Windows 2000 SP4, german version.

The exploit failed (maybe I need some offset adjustments for the
german version of Win2k) but after that I noticed some malfunctions:

- The windows explorer was not able to perform drag'n drop any more.
When I tried to drag a file somewehere nothing happened.

- The media player failed. The window came up and closed itself after 
a few seconds.

... don't know what else failed...

So even when then exploit failed it may seriously disturb the windows 
functionality. A massive scan for vulnerable windows systems on the 
net may become the character of an DoS attack even without any  
successful exploit.

Ciao
  Marcus

-- 
Windows is not the answer.
Windows is the question and the answer is no.



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ