Message-ID: <GEEDJNOBNPDFCHGBHPNDAEONDMAA.tom@scriptsupport.co.uk>
From: tom at scriptsupport.co.uk (Tom H)
Subject: DCOM RPC exploit (dcom.c)
I used nmap to scan a random /16 for systems with port 135 open.
I fed the results of systems with that port open into enum (enum -S $ip)
and grepped for a "SharedDocs" share, which indicates an XP box.
Then I ran the win32 binary I compiled from the C code posted to this list
against that list of IPs.
I assumed that most XP boxes would be SP1.
I got 6 command prompts.
I then ran the same binary looking for XP with SP0.
I got 156 command prompts.