lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: nick at (Nick FitzGerald)
Subject: DCOM Exploit MS03-026 attack vectors

"Bassett, Mark" <> to me:

> >Well, it is the most widely supported default interface that is 
> >vulnerable.  It would be a very unusual machine that is vulnerable on 
> >some other port and _NOT_ on 135, so what is the payoff for writing an 
> >exploit (at least a "prrof of concept") that tries other ports?
> Because 9 times out of 10 port 135 is blocked by some sort of firewall,
> whilst port 80 is not blocked on a web server.  

Yes, and about 999,999 times out of a million the target machines won't 
have ncacn_http enabled and thus it is moot whether they also have the 
equally rare COM Internet Services enabled.

My (rhetorical) question was what is the payoff for trying those other 
oddball ports.  The point was that the services that have to enabled 
for this to be exploited over port 80 are so rare as to probably be 
considered severely endangered, if not extinct.


Nick FitzGerald

Powered by blists - more mailing lists