| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: loki at fatelabs.com (Eric Hines)
Subject: Positive Technologies DCOM Buffer Overflow2 Signatures/Packets
All:
Here are packets from the PT scanner for the DCOM buffer overflow for
those of you wanting to create some signatures for it. I've provided a
few signature attempts herein as well. Any feedback or suggestions on my
signatures are appreciated.
alert tcp $EXTERNAL_NET any -> $HOME_NET 135 (msg:"RPC/DCOM Exploit
Attempt (MS03-039) - PTScanner Tool"; content:"|46 EA 21 6B 9F 25 0D 79
18 50 18|"; flow:to_server,established; classtype:bad-unknown;
reference:url,www.appliedwatch.com; sid:2000000; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 135 (msg:"RPC/DCOM Exploit
Attempt (MS03-039) - PTScanner Tool"; content:"|5C 00 70 00 75 00 62 00
6C 00 69 00 63 00 5C 00|"; flow:to_server,established;
classtype:bad-unknown; reference:url,www.appliedwatch.com; sid:2000001;
rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 135 (msg:"RPC/DCOM Exploit
Attempt (MS03-039) - PTScanner Tool"; content:"|61 00 64 00 65 00 76 00
5F 00 78 00 00 00 36 00|"; flow:to_server,established;
classtype:bad-unknown; reference:url,www.appliedwatch.com; sid:2000002;
rev:1;)
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
=+
09/11-11:31:44.348266 0:A0:CC:58:38:71 -> 0:2:E3:15:61:D9 type:0x800
len:0x3E
192.168.0.200:2783 -> 192.168.0.104:135 TCP TTL:128 TOS:0x0 ID:48486
IpLen:20 DgmLen:48 DF
******S* Seq: 0xFB1F05AB Ack: 0x0 Win: 0x4000 TcpLen: 28
TCP Options (4) => MSS: 1334 NOP NOP SackOK
0x0000: 00 02 E3 15 61 D9 00 A0 CC 58 38 71 08 00 45 00
....a....X8q..E.
0x0010: 00 30 BD 66 40 00 80 06 BA E0 C0 A8 00 C8 C0 A8
.0.f@...........
0x0020: 00 68 0A DF 00 87 FB 1F 05 AB 00 00 00 00 70 02
.h............p.
0x0030: 40 00 B4 EB 00 00 02 04 05 36 01 01 04 02 @........6....
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
=+
09/11-11:31:44.348658 0:2:E3:15:61:D9 -> 0:A0:CC:58:38:71 type:0x800
len:0x3E
192.168.0.104:135 -> 192.168.0.200:2783 TCP TTL:128 TOS:0x0 ID:44505
IpLen:20 DgmLen:48 DF
***A**S* Seq: 0x74960752 Ack: 0xFB1F05AC Win: 0x43BE TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK
0x0000: 00 A0 CC 58 38 71 00 02 E3 15 61 D9 08 00 45 00
...X8q....a...E.
0x0010: 00 30 AD D9 40 00 80 06 CA 6D C0 A8 00 68 C0 A8
.0..@....m...h..
0x0020: 00 C8 00 87 0A DF 74 96 07 52 FB 1F 05 AC 70 12
......t..R....p.
0x0030: 43 BE 34 B6 00 00 02 04 05 B4 01 01 04 02 C.4...........
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
=+
09/11-11:31:44.348693 0:A0:CC:58:38:71 -> 0:2:E3:15:61:D9 type:0x800
len:0x36
192.168.0.200:2783 -> 192.168.0.104:135 TCP TTL:128 TOS:0x0 ID:48487
IpLen:20 DgmLen:40 DF
***A**** Seq: 0xFB1F05AC Ack: 0x74960753 Win: 0x43BE TcpLen: 20
0x0000: 00 02 E3 15 61 D9 00 A0 CC 58 38 71 08 00 45 00
....a....X8q..E.
0x0010: 00 28 BD 67 40 00 80 06 BA E7 C0 A8 00 C8 C0 A8
.(.g@...........
0x0020: 00 68 0A DF 00 87 FB 1F 05 AC 74 96 07 53 50 10
.h........t..SP.
0x0030: 43 BE 61 7A 00 00 C.az..
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
=+
09/11-11:31:44.357854 0:A0:CC:58:38:71 -> 0:2:E3:15:61:D9 type:0x800
len:0x7E
192.168.0.200:2783 -> 192.168.0.104:135 TCP TTL:128 TOS:0x0 ID:48488
IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xFB1F05AC Ack: 0x74960753 Win: 0x43BE TcpLen: 20
0x0000: 00 02 E3 15 61 D9 00 A0 CC 58 38 71 08 00 45 00
....a....X8q..E.
0x0010: 00 70 BD 68 40 00 80 06 BA 9E C0 A8 00 C8 C0 A8
.p.h@...........
0x0020: 00 68 0A DF 00 87 FB 1F 05 AC 74 96 07 53 50 18
.h........t..SP.
0x0030: 43 BE D3 8B 00 00 05 00 0B 03 10 00 00 00 48 00
C.............H.
0x0040: 00 00 53 53 56 41 D0 16 D0 16 00 00 00 00 01 00
..SSVA..........
0x0050: 00 00 00 00 01 00 E6 73 0C E6 F9 88 CF 11 9A F1
.......s........
0x0060: 00 20 AF 6E 72 F4 02 00 00 00 04 5D 88 8A EB 1C .
.nr......]....
0x0070: C9 11 9F E8 08 00 2B 10 48 60 02 00 00 00 ......+.H`....
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
=+
09/11-11:31:44.358637 0:2:E3:15:61:D9 -> 0:A0:CC:58:38:71 type:0x800
len:0x72
192.168.0.104:135 -> 192.168.0.200:2783 TCP TTL:128 TOS:0x0 ID:44506
IpLen:20 DgmLen:100 DF
***AP*** Seq: 0x74960753 Ack: 0xFB1F05F4 Win: 0x4376 TcpLen: 20
0x0000: 00 A0 CC 58 38 71 00 02 E3 15 61 D9 08 00 45 00
...X8q....a...E.
0x0010: 00 64 AD DA 40 00 80 06 CA 38 C0 A8 00 68 C0 A8
.d..@....8...h..
0x0020: 00 C8 00 87 0A DF 74 96 07 53 FB 1F 05 F4 50 18
......t..S....P.
0x0030: 43 76 C7 54 00 00 05 00 0C 03 10 00 00 00 3C 00
Cv.T..........<.
0x0040: 00 00 53 53 56 41 D0 16 D0 16 29 79 00 00 04 00
..SSVA....)y....
0x0050: 31 33 35 00 00 00 01 00 00 00 00 00 00 00 04 5D
135............]
0x0060: 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 02 00
..........+.H`..
0x0070: 00 00 ..
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
=+
09/11-11:31:44.512377 0:A0:CC:58:38:71 -> 0:2:E3:15:61:D9 type:0x800
len:0x36
192.168.0.200:2783 -> 192.168.0.104:135 TCP TTL:128 TOS:0x0 ID:48489
IpLen:20 DgmLen:40 DF
***A**** Seq: 0xFB1F05F4 Ack: 0x7496078F Win: 0x4382 TcpLen: 20
0x0000: 00 02 E3 15 61 D9 00 A0 CC 58 38 71 08 00 45 00
....a....X8q..E.
0x0010: 00 28 BD 69 40 00 80 06 BA E5 C0 A8 00 C8 C0 A8
.(.i@...........
0x0020: 00 68 0A DF 00 87 FB 1F 05 F4 74 96 07 8F 50 10
.h........t...P.
0x0030: 43 82 61 32 00 00 C.a2..
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
=+
09/11-11:31:45.388193 0:A0:CC:58:38:71 -> 0:2:E3:15:61:D9 type:0x800
len:0x36
192.168.0.200:2783 -> 192.168.0.104:135 TCP TTL:128 TOS:0x0 ID:48490
IpLen:20 DgmLen:40 DF
***A***F Seq: 0xFB1F05F4 Ack: 0x7496078F Win: 0x4382 TcpLen: 20
0x0000: 00 02 E3 15 61 D9 00 A0 CC 58 38 71 08 00 45 00
....a....X8q..E.
0x0010: 00 28 BD 6A 40 00 80 06 BA E4 C0 A8 00 C8 C0 A8
.(.j@...........
0x0020: 00 68 0A DF 00 87 FB 1F 05 F4 74 96 07 8F 50 11
.h........t...P.
0x0030: 43 82 61 31 00 00 C.a1..
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
=+
09/11-11:31:45.388581 0:2:E3:15:61:D9 -> 0:A0:CC:58:38:71 type:0x800
len:0x3C
192.168.0.104:135 -> 192.168.0.200:2783 TCP TTL:128 TOS:0x0 ID:44508
IpLen:20 DgmLen:40 DF
***A**** Seq: 0x7496078F Ack: 0xFB1F05F5 Win: 0x4376 TcpLen: 20
0x0000: 00 A0 CC 58 38 71 00 02 E3 15 61 D9 08 00 45 00
...X8q....a...E.
0x0010: 00 28 AD DC 40 00 80 06 CA 72 C0 A8 00 68 C0 A8
.(..@....r...h..
0x0020: 00 C8 00 87 0A DF 74 96 07 8F FB 1F 05 F5 50 10
......t.......P.
0x0030: 43 76 61 3D 00 00 FF FF FF FF FF FF Cva=........
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
=+
09/11-11:31:45.388719 0:2:E3:15:61:D9 -> 0:A0:CC:58:38:71 type:0x800
len:0x3C
192.168.0.104:135 -> 192.168.0.200:2783 TCP TTL:128 TOS:0x0 ID:44509
IpLen:20 DgmLen:40 DF
***A***F Seq: 0x7496078F Ack: 0xFB1F05F5 Win: 0x4376 TcpLen: 20
0x0000: 00 A0 CC 58 38 71 00 02 E3 15 61 D9 08 00 45 00
...X8q....a...E.
0x0010: 00 28 AD DD 40 00 80 06 CA 71 C0 A8 00 68 C0 A8
.(..@....q...h..
0x0020: 00 C8 00 87 0A DF 74 96 07 8F FB 1F 05 F5 50 11
......t.......P.
0x0030: 43 76 61 3C 00 00 FF FF FF FF FF FF Cva<........
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
=+
09/11-11:31:45.388735 0:A0:CC:58:38:71 -> 0:2:E3:15:61:D9 type:0x800
len:0x36
192.168.0.200:2783 -> 192.168.0.104:135 TCP TTL:128 TOS:0x0 ID:48491
IpLen:20 DgmLen:40 DF
***A**** Seq: 0xFB1F05F5 Ack: 0x74960790 Win: 0x4382 TcpLen: 20
0x0000: 00 02 E3 15 61 D9 00 A0 CC 58 38 71 08 00 45 00
....a....X8q..E.
0x0010: 00 28 BD 6B 40 00 80 06 BA E3 C0 A8 00 C8 C0 A8
.(.k@...........
0x0020: 00 68 0A DF 00 87 FB 1F 05 F5 74 96 07 90 50 10
.h........t...P.
0x0030: 43 82 61 30 00 00 C.a0..
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
=+
09/11-11:31:45.889282 0:A0:CC:58:38:71 -> 0:2:E3:15:61:D9 type:0x800
len:0x3E
192.168.0.200:2784 -> 192.168.0.104:135 TCP TTL:128 TOS:0x0 ID:48492
IpLen:20 DgmLen:48 DF
******S* Seq: 0xFB259E61 Ack: 0x0 Win: 0x4000 TcpLen: 28
TCP Options (4) => MSS: 1334 NOP NOP SackOK
0x0000: 00 02 E3 15 61 D9 00 A0 CC 58 38 71 08 00 45 00
....a....X8q..E.
0x0010: 00 30 BD 6C 40 00 80 06 BA DA C0 A8 00 C8 C0 A8
.0.l@...........
0x0020: 00 68 0A E0 00 87 FB 25 9E 61 00 00 00 00 70 02
.h.....%.a....p.
0x0030: 40 00 1C 2E 00 00 02 04 05 36 01 01 04 02 @........6....
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
=+
09/11-11:31:45.889690 0:2:E3:15:61:D9 -> 0:A0:CC:58:38:71 type:0x800
len:0x3E
192.168.0.104:135 -> 192.168.0.200:2784 TCP TTL:128 TOS:0x0 ID:44510
IpLen:20 DgmLen:48 DF
***A**S* Seq: 0x749C9A46 Ack: 0xFB259E62 Win: 0x43BE TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK
0x0000: 00 A0 CC 58 38 71 00 02 E3 15 61 D9 08 00 45 00
...X8q....a...E.
0x0010: 00 30 AD DE 40 00 80 06 CA 68 C0 A8 00 68 C0 A8
.0..@....h...h..
0x0020: 00 C8 00 87 0A E0 74 9C 9A 46 FB 25 9E 62 70 12
......t..F.%.bp.
0x0030: 43 BE 08 FE 00 00 02 04 05 B4 01 01 04 02 C.............
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
=+
09/11-11:31:45.889737 0:A0:CC:58:38:71 -> 0:2:E3:15:61:D9 type:0x800
len:0x36
192.168.0.200:2784 -> 192.168.0.104:135 TCP TTL:128 TOS:0x0 ID:48493
IpLen:20 DgmLen:40 DF
***A**** Seq: 0xFB259E62 Ack: 0x749C9A47 Win: 0x43BE TcpLen: 20
0x0000: 00 02 E3 15 61 D9 00 A0 CC 58 38 71 08 00 45 00
....a....X8q..E.
0x0010: 00 28 BD 6D 40 00 80 06 BA E1 C0 A8 00 C8 C0 A8
.(.m@...........
0x0020: 00 68 0A E0 00 87 FB 25 9E 62 74 9C 9A 47 50 10
.h.....%.bt..GP.
0x0030: 43 BE 35 C2 00 00 C.5...
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
=+
09/11-11:31:45.899773 0:A0:CC:58:38:71 -> 0:2:E3:15:61:D9 type:0x800
len:0x7E
192.168.0.200:2784 -> 192.168.0.104:135 TCP TTL:128 TOS:0x0 ID:48494
IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xFB259E62 Ack: 0x749C9A47 Win: 0x43BE TcpLen: 20
0x0000: 00 02 E3 15 61 D9 00 A0 CC 58 38 71 08 00 45 00
....a....X8q..E.
0x0010: 00 70 BD 6E 40 00 80 06 BA 98 C0 A8 00 C8 C0 A8
.p.n@...........
0x0020: 00 68 0A E0 00 87 FB 25 9E 62 74 9C 9A 47 50 18
.h.....%.bt..GP.
0x0030: 43 BE 6B 89 00 00 05 00 0B 03 10 00 00 00 48 00
C.k...........H.
0x0040: 00 00 01 00 00 00 D0 16 D0 16 00 00 00 00 01 00
................
0x0050: 00 00 00 00 01 00 A0 01 00 00 00 00 00 00 C0 00
................
0x0060: 00 00 00 00 00 46 00 00 00 00 04 5D 88 8A EB 1C
.....F.....]....
0x0070: C9 11 9F E8 08 00 2B 10 48 60 02 00 00 00 ......+.H`....
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
=+
09/11-11:31:45.900385 0:2:E3:15:61:D9 -> 0:A0:CC:58:38:71 type:0x800
len:0x72
192.168.0.104:135 -> 192.168.0.200:2784 TCP TTL:128 TOS:0x0 ID:44511
IpLen:20 DgmLen:100 DF
***AP*** Seq: 0x749C9A47 Ack: 0xFB259EAA Win: 0x4376 TcpLen: 20
0x0000: 00 A0 CC 58 38 71 00 02 E3 15 61 D9 08 00 45 00
...X8q....a...E.
0x0010: 00 64 AD DF 40 00 80 06 CA 33 C0 A8 00 68 C0 A8
.d..@....3...h..
0x0020: 00 C8 00 87 0A E0 74 9C 9A 47 FB 25 9E AA 50 18
......t..G.%..P.
0x0030: 43 76 43 31 00 00 05 00 0C 03 10 00 00 00 3C 00
CvC1..........<.
0x0040: 00 00 01 00 00 00 D0 16 D0 16 2A 79 00 00 04 00
..........*y....
0x0050: 31 33 35 00 00 00 01 00 00 00 00 00 00 00 04 5D
135............]
0x0060: 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 02 00
..........+.H`..
0x0070: 00 00 ..
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
=+
09/11-11:31:46.017184 0:A0:CC:58:38:71 -> 0:2:E3:15:61:D9 type:0x800
len:0x36
192.168.0.200:2784 -> 192.168.0.104:135 TCP TTL:128 TOS:0x0 ID:48495
IpLen:20 DgmLen:40 DF
***A**** Seq: 0xFB259EAA Ack: 0x749C9A83 Win: 0x4382 TcpLen: 20
0x0000: 00 02 E3 15 61 D9 00 A0 CC 58 38 71 08 00 45 00
....a....X8q..E.
0x0010: 00 28 BD 6F 40 00 80 06 BA DF C0 A8 00 C8 C0 A8
.(.o@...........
0x0020: 00 68 0A E0 00 87 FB 25 9E AA 74 9C 9A 83 50 10
.h.....%..t...P.
0x0030: 43 82 35 7A 00 00 C.5z..
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
=+
09/11-11:31:46.930095 0:A0:CC:58:38:71 -> 0:2:E3:15:61:D9 type:0x800
len:0x7C
192.168.0.200:2784 -> 192.168.0.104:135 TCP TTL:128 TOS:0x0 ID:48496
IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xFB259EAA Ack: 0x749C9A83 Win: 0x4382 TcpLen: 20
0x0000: 00 02 E3 15 61 D9 00 A0 CC 58 38 71 08 00 45 00
....a....X8q..E.
0x0010: 00 6E BD 70 40 00 80 06 BA 98 C0 A8 00 C8 C0 A8
.n.p@...........
0x0020: 00 68 0A E0 00 87 FB 25 9E AA 74 9C 9A 83 50 18
.h.....%..t...P.
0x0030: 43 82 58 15 00 00 05 00 00 03 10 00 00 00 B0 03
C.X.............
0x0040: 00 00 01 00 00 00 98 03 00 00 00 00 04 00 05 00
................
0x0050: 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
0x0060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
0x0070: 00 00 90 05 14 00 68 03 00 00 68 03 ......h...h.
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
=+
09/11-11:31:47.101948 0:2:E3:15:61:D9 -> 0:A0:CC:58:38:71 type:0x800
len:0x3C
192.168.0.104:135 -> 192.168.0.200:2784 TCP TTL:128 TOS:0x0 ID:44512
IpLen:20 DgmLen:40 DF
***A**** Seq: 0x749C9A83 Ack: 0xFB259EF0 Win: 0x4330 TcpLen: 20
0x0000: 00 A0 CC 58 38 71 00 02 E3 15 61 D9 08 00 45 00
...X8q....a...E.
0x0010: 00 28 AD E0 40 00 80 06 CA 6E C0 A8 00 68 C0 A8
.(..@....n...h..
0x0020: 00 C8 00 87 0A E0 74 9C 9A 83 FB 25 9E F0 50 10
......t....%..P.
0x0030: 43 30 35 86 00 00 FF FF FF FF FF FF C05.........
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
=+
09/11-11:31:47.102024 0:A0:CC:58:38:71 -> 0:2:E3:15:61:D9 type:0x800
len:0x3A0
192.168.0.200:2784 -> 192.168.0.104:135 TCP TTL:128 TOS:0x0 ID:48498
IpLen:20 DgmLen:914 DF
***AP*** Seq: 0xFB259EF0 Ack: 0x749C9A83 Win: 0x4382 TcpLen: 20
0x0000: 00 02 E3 15 61 D9 00 A0 CC 58 38 71 08 00 45 00
....a....X8q..E.
0x0010: 03 92 BD 72 40 00 80 06 B7 72 C0 A8 00 C8 C0 A8
...r@....r......
0x0020: 00 68 0A E0 00 87 FB 25 9E F0 74 9C 9A 83 50 18
.h.....%..t...P.
0x0030: 43 82 3E BB 00 00 00 00 4D 45 4F 57 04 00 00 00
C.>.....MEOW....
0x0040: A2 01 00 00 00 00 00 00 C0 00 00 00 00 00 00 46
...............F
0x0050: 38 03 00 00 00 00 00 00 C0 00 00 00 00 00 00 46
8..............F
0x0060: 00 00 00 00 38 03 00 00 30 03 00 00 00 00 00 00
....8...0.......
0x0070: 01 10 08 00 CC CC CC CC C8 00 00 00 00 00 00 00
................
0x0080: 30 03 00 00 D8 00 00 00 00 00 00 00 02 00 00 00
0...............
0x0090: 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
0x00A0: 00 00 00 00 18 01 8D 00 B8 01 8D 00 00 00 00 00
................
0x00B0: 07 00 00 00 B9 01 00 00 00 00 00 00 C0 00 00 00
................
0x00C0: 00 00 00 46 AB 01 00 00 00 00 00 00 C0 00 00 00
...F............
0x00D0: 00 00 00 46 A5 01 00 00 00 00 00 00 C0 00 00 00
...F............
0x00E0: 00 00 00 46 A6 01 00 00 00 00 00 00 C0 00 00 00
...F............
0x00F0: 00 00 00 46 A4 01 00 00 00 00 00 00 C0 00 00 00
...F............
0x0100: 00 00 00 46 AD 01 00 00 00 00 00 00 C0 00 00 00
...F............
0x0110: 00 00 00 46 AA 01 00 00 00 00 00 00 C0 00 00 00
...F............
0x0120: 00 00 00 46 07 00 00 00 60 00 00 00 58 00 00 00
...F....`...X...
0x0130: 90 00 00 00 58 00 00 00 20 00 00 00 68 00 00 00 ....X...
...h...
0x0140: 30 00 00 00 C0 00 00 00 01 10 08 00 CC CC CC CC
0...............
0x0150: 50 00 00 00 00 00 00 00 FF FF FF FF 00 00 00 00
P...............
0x0160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
0x0170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
0x0180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
0x0190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
0x01A0: 00 00 00 00 00 00 00 00 01 10 08 00 CC CC CC CC
................
0x01B0: 48 00 00 00 00 00 00 00 00 5D 88 9A EB 1C C9 11
H........]......
0x01C0: 9F E8 08 00 2B 10 48 60 10 00 00 00 00 00 00 00
....+.H`........
0x01D0: 00 00 00 00 01 00 00 00 00 00 00 00 B8 47 0A 00
.............G..
0x01E0: 58 00 00 00 05 00 06 00 01 00 00 00 00 00 00 00
X...............
0x01F0: 00 00 00 00 C0 00 00 00 00 00 00 46 CC CC CC CC
...........F....
0x0200: 01 10 08 00 CC CC CC CC 80 00 00 00 00 00 00 00
................
0x0210: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
0x0220: 20 BA 09 00 00 00 00 00 60 00 00 00 60 00 00 00
.......`...`...
0x0230: 4D 45 4F 57 04 00 00 00 C0 01 00 00 00 00 00 00
MEOW............
0x0240: C0 00 00 00 00 00 00 46 3B 03 00 00 00 00 00 00
.......F;.......
0x0250: C0 00 00 00 00 00 00 46 00 00 00 00 30 00 00 00
.......F....0...
0x0260: 01 00 01 00 67 3C 70 94 13 33 FD 46 87 24 4D 09
....g<p..3.F.$M.
0x0270: 39 88 93 9D 02 00 00 00 00 00 00 00 00 00 00 00
9...............
0x0280: 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00
................
0x0290: 01 10 08 00 CC CC CC CC 48 00 00 00 00 00 00 00
........H.......
0x02A0: 00 00 00 00 B0 7E 09 00 00 00 00 00 00 00 00 00
.....~..........
0x02B0: F0 89 0A 00 00 00 00 00 00 00 00 00 0D 00 00 00
................
0x02C0: 00 00 00 00 0D 00 00 00 73 00 61 00 6A 00 69 00
........s.a.j.i.
0x02D0: 61 00 64 00 65 00 76 00 5F 00 78 00 38 00 36 00
a.d.e.v._.x.8.6.
0x02E0: 00 00 08 00 CC CC CC CC 01 10 08 00 CC CC CC CC
................
0x02F0: 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
0x0300: 00 00 00 00 00 00 00 00 01 10 08 00 CC CC CC CC
................
0x0310: 58 00 00 00 00 00 00 00 C0 5E 0A 00 00 00 00 00
X........^......
0x0320: 00 00 00 00 00 00 00 00 1B 00 00 00 00 00 00 00
................
0x0330: 1B 00 00 00 5C 00 5C 00 00 00 5C 00 6A 00 69 00
....\.\...\.j.i.
0x0340: 61 00 64 00 65 00 76 00 5F 00 78 00 00 00 36 00
a.d.e.v._.x...6.
0x0350: 5C 00 70 00 75 00 62 00 6C 00 69 00 63 00 5C 00
\.p.u.b.l.i.c.\.
0x0360: 41 00 41 00 41 00 41 00 00 00 00 00 01 00 15 00
A.A.A.A.........
0x0370: 01 10 08 00 CC CC CC CC 20 00 00 00 00 00 00 00 ........
.......
0x0380: 00 00 00 00 90 5B 09 00 02 00 00 00 01 00 6C 00
.....[........l.
0x0390: C0 DF 08 00 01 00 00 00 07 00 55 00 00 00 00 00
..........U.....
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
=+
09/11-11:31:47.103614 0:2:E3:15:61:D9 -> 0:A0:CC:58:38:71 type:0x800
len:0x5E
192.168.0.104:135 -> 192.168.0.200:2784 TCP TTL:128 TOS:0x0 ID:44513
IpLen:20 DgmLen:80 DF
***AP*** Seq: 0x749C9A83 Ack: 0xFB25A25A Win: 0x3FC6 TcpLen: 20
0x0000: 00 A0 CC 58 38 71 00 02 E3 15 61 D9 08 00 45 00
...X8q....a...E.
0x0010: 00 50 AD E1 40 00 80 06 CA 45 C0 A8 00 68 C0 A8
.P..@....E...h..
0x0020: 00 C8 00 87 0A E0 74 9C 9A 83 FB 25 A2 5A 50 18
......t....%.ZP.
0x0030: 3F C6 D8 D2 00 00 05 00 02 03 10 00 00 00 28 00
?.............(.
0x0040: 00 00 01 00 00 00 10 00 00 00 00 00 00 00 00 00
................
0x0050: 00 00 00 00 00 00 00 00 00 00 04 00 08 80 ..............
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
=+
09/11-11:31:47.221009 0:A0:CC:58:38:71 -> 0:2:E3:15:61:D9 type:0x800
len:0x36
192.168.0.200:2784 -> 192.168.0.104:135 TCP TTL:128 TOS:0x0 ID:48499
IpLen:20 DgmLen:40 DF
***A**** Seq: 0xFB25A25A Ack: 0x749C9AAB Win: 0x435A TcpLen: 20
0x0000: 00 02 E3 15 61 D9 00 A0 CC 58 38 71 08 00 45 00
....a....X8q..E.
0x0010: 00 28 BD 73 40 00 80 06 BA DB C0 A8 00 C8 C0 A8
.(.s@...........
0x0020: 00 68 0A E0 00 87 FB 25 A2 5A 74 9C 9A AB 50 10
.h.....%.Zt...P.
0x0030: 43 5A 31 CA 00 00 CZ1...
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
=+
09/11-11:31:48.130922 0:A0:CC:58:38:71 -> 0:2:E3:15:61:D9 type:0x800
len:0x36
192.168.0.200:2784 -> 192.168.0.104:135 TCP TTL:128 TOS:0x0 ID:48504
IpLen:20 DgmLen:40 DF
***A***F Seq: 0xFB25A25A Ack: 0x749C9AAB Win: 0x435A TcpLen: 20
0x0000: 00 02 E3 15 61 D9 00 A0 CC 58 38 71 08 00 45 00
....a....X8q..E.
0x0010: 00 28 BD 78 40 00 80 06 BA D6 C0 A8 00 C8 C0 A8
.(.x@...........
0x0020: 00 68 0A E0 00 87 FB 25 A2 5A 74 9C 9A AB 50 11
.h.....%.Zt...P.
0x0030: 43 5A 31 C9 00 00 CZ1...
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
=+
09/11-11:31:48.131290 0:2:E3:15:61:D9 -> 0:A0:CC:58:38:71 type:0x800
len:0x3C
192.168.0.104:135 -> 192.168.0.200:2784 TCP TTL:128 TOS:0x0 ID:44514
IpLen:20 DgmLen:40 DF
***A**** Seq: 0x749C9AAB Ack: 0xFB25A25B Win: 0x3FC6 TcpLen: 20
0x0000: 00 A0 CC 58 38 71 00 02 E3 15 61 D9 08 00 45 00
...X8q....a...E.
0x0010: 00 28 AD E2 40 00 80 06 CA 6C C0 A8 00 68 C0 A8
.(..@....l...h..
0x0020: 00 C8 00 87 0A E0 74 9C 9A AB FB 25 A2 5B 50 10
......t....%.[P.
0x0030: 3F C6 35 5D 00 00 FF FF FF FF FF FF ?.5]........
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
=+
09/11-11:31:48.131436 0:2:E3:15:61:D9 -> 0:A0:CC:58:38:71 type:0x800
len:0x3C
192.168.0.104:135 -> 192.168.0.200:2784 TCP TTL:128 TOS:0x0 ID:44515
IpLen:20 DgmLen:40 DF
***A***F Seq: 0x749C9AAB Ack: 0xFB25A25B Win: 0x3FC6 TcpLen: 20
0x0000: 00 A0 CC 58 38 71 00 02 E3 15 61 D9 08 00 45 00
...X8q....a...E.
0x0010: 00 28 AD E3 40 00 80 06 CA 6B C0 A8 00 68 C0 A8
.(..@....k...h..
0x0020: 00 C8 00 87 0A E0 74 9C 9A AB FB 25 A2 5B 50 11
......t....%.[P.
0x0030: 3F C6 35 5C 00 00 FF FF FF FF FF FF ?.5\........
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
=+
09/11-11:31:48.131453 0:A0:CC:58:38:71 -> 0:2:E3:15:61:D9 type:0x800
len:0x36
192.168.0.200:2784 -> 192.168.0.104:135 TCP TTL:128 TOS:0x0 ID:48505
IpLen:20 DgmLen:40 DF
***A**** Seq: 0xFB25A25B Ack: 0x749C9AAC Win: 0x435A TcpLen: 20
0x0000: 00 02 E3 15 61 D9 00 A0 CC 58 38 71 08 00 45 00
....a....X8q..E.
0x0010: 00 28 BD 79 40 00 80 06 BA D5 C0 A8 00 C8 C0 A8
.(.y@...........
0x0020: 00 68 0A E0 00 87 FB 25 A2 5B 74 9C 9A AC 50 10
.h.....%.[t...P.
0x0030: 43 5A 31 C8 00 00 CZ1...
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
=+
09/11-11:31:48.131815 0:A0:CC:58:38:71 -> 0:2:E3:15:61:D9 type:0x800
len:0x3E
192.168.0.200:2785 -> 192.168.0.104:135 TCP TTL:128 TOS:0x0 ID:48506
IpLen:20 DgmLen:48 DF
******S* Seq: 0xFB2F065E Ack: 0x0 Win: 0x4000 TcpLen: 28
TCP Options (4) => MSS: 1334 NOP NOP SackOK
0x0000: 00 02 E3 15 61 D9 00 A0 CC 58 38 71 08 00 45 00
....a....X8q..E.
0x0010: 00 30 BD 7A 40 00 80 06 BA CC C0 A8 00 C8 C0 A8
.0.z@...........
0x0020: 00 68 0A E1 00 87 FB 2F 06 5E 00 00 00 00 70 02
.h...../.^....p.
0x0030: 40 00 B4 26 00 00 02 04 05 36 01 01 04 02 @..&.....6....
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
=+
09/11-11:31:48.132096 0:2:E3:15:61:D9 -> 0:A0:CC:58:38:71 type:0x800
len:0x3E
192.168.0.104:135 -> 192.168.0.200:2785 TCP TTL:128 TOS:0x0 ID:44516
IpLen:20 DgmLen:48 DF
***A**S* Seq: 0x74A5E337 Ack: 0xFB2F065F Win: 0x43BE TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK
0x0000: 00 A0 CC 58 38 71 00 02 E3 15 61 D9 08 00 45 00
...X8q....a...E.
0x0010: 00 30 AD E4 40 00 80 06 CA 62 C0 A8 00 68 C0 A8
.0..@....b...h..
0x0020: 00 C8 00 87 0A E1 74 A5 E3 37 FB 2F 06 5F 70 12
......t..7./._p.
0x0030: 43 BE 57 FC 00 00 02 04 05 B4 01 01 04 02 C.W...........
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
=+
09/11-11:31:48.132115 0:A0:CC:58:38:71 -> 0:2:E3:15:61:D9 type:0x800
len:0x36
192.168.0.200:2785 -> 192.168.0.104:135 TCP TTL:128 TOS:0x0 ID:48507
IpLen:20 DgmLen:40 DF
***A**** Seq: 0xFB2F065F Ack: 0x74A5E338 Win: 0x43BE TcpLen: 20
0x0000: 00 02 E3 15 61 D9 00 A0 CC 58 38 71 08 00 45 00
....a....X8q..E.
0x0010: 00 28 BD 7B 40 00 80 06 BA D3 C0 A8 00 C8 C0 A8
.(.{@...........
0x0020: 00 68 0A E1 00 87 FB 2F 06 5F 74 A5 E3 38 50 10
.h...../._t..8P.
0x0030: 43 BE 84 C0 00 00 C.....
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
=+
09/11-11:31:48.141920 0:A0:CC:58:38:71 -> 0:2:E3:15:61:D9 type:0x800
len:0x7E
192.168.0.200:2785 -> 192.168.0.104:135 TCP TTL:128 TOS:0x0 ID:48508
IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xFB2F065F Ack: 0x74A5E338 Win: 0x43BE TcpLen: 20
0x0000: 00 02 E3 15 61 D9 00 A0 CC 58 38 71 08 00 45 00
....a....X8q..E.
0x0010: 00 70 BD 7C 40 00 80 06 BA 8A C0 A8 00 C8 C0 A8
.p.|@...........
0x0020: 00 68 0A E1 00 87 FB 2F 06 5F 74 A5 E3 38 50 18
.h...../._t..8P.
0x0030: 43 BE BA 87 00 00 05 00 0B 03 10 00 00 00 48 00
C.............H.
0x0040: 00 00 01 00 00 00 D0 16 D0 16 00 00 00 00 01 00
................
0x0050: 00 00 00 00 01 00 A0 01 00 00 00 00 00 00 C0 00
................
0x0060: 00 00 00 00 00 46 00 00 00 00 04 5D 88 8A EB 1C
.....F.....]....
0x0070: C9 11 9F E8 08 00 2B 10 48 60 02 00 00 00 ......+.H`....
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
=+
09/11-11:31:48.142434 0:2:E3:15:61:D9 -> 0:A0:CC:58:38:71 type:0x800
len:0x72
192.168.0.104:135 -> 192.168.0.200:2785 TCP TTL:128 TOS:0x0 ID:44517
IpLen:20 DgmLen:100 DF
***AP*** Seq: 0x74A5E338 Ack: 0xFB2F06A7 Win: 0x4376 TcpLen: 20
0x0000: 00 A0 CC 58 38 71 00 02 E3 15 61 D9 08 00 45 00
...X8q....a...E.
0x0010: 00 64 AD E5 40 00 80 06 CA 2D C0 A8 00 68 C0 A8
.d..@....-...h..
0x0020: 00 C8 00 87 0A E1 74 A5 E3 38 FB 2F 06 A7 50 18
......t..8./..P.
0x0030: 43 76 91 2F 00 00 05 00 0C 03 10 00 00 00 3C 00
Cv./..........<.
0x0040: 00 00 01 00 00 00 D0 16 D0 16 2B 79 00 00 04 00
..........+y....
0x0050: 31 33 35 00 00 00 01 00 00 00 00 00 00 00 04 5D
135............]
0x0060: 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 02 00
..........+.H`..
0x0070: 00 00 ..
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
=+
09/11-11:31:48.324605 0:A0:CC:58:38:71 -> 0:2:E3:15:61:D9 type:0x800
len:0x36
192.168.0.200:2785 -> 192.168.0.104:135 TCP TTL:128 TOS:0x0 ID:48509
IpLen:20 DgmLen:40 DF
***A**** Seq: 0xFB2F06A7 Ack: 0x74A5E374 Win: 0x4382 TcpLen: 20
0x0000: 00 02 E3 15 61 D9 00 A0 CC 58 38 71 08 00 45 00
....a....X8q..E.
0x0010: 00 28 BD 7D 40 00 80 06 BA D1 C0 A8 00 C8 C0 A8
.(.}@...........
0x0020: 00 68 0A E1 00 87 FB 2F 06 A7 74 A5 E3 74 50 10
.h...../..t..tP.
0x0030: 43 82 84 78 00 00 C..x..
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
=+
09/11-11:31:49.172247 0:A0:CC:58:38:71 -> 0:2:E3:15:61:D9 type:0x800
len:0x7C
192.168.0.200:2785 -> 192.168.0.104:135 TCP TTL:128 TOS:0x0 ID:48510
IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xFB2F06A7 Ack: 0x74A5E374 Win: 0x4382 TcpLen: 20
0x0000: 00 02 E3 15 61 D9 00 A0 CC 58 38 71 08 00 45 00
....a....X8q..E.
0x0010: 00 6E BD 7E 40 00 80 06 BA 8A C0 A8 00 C8 C0 A8
.n.~@...........
0x0020: 00 68 0A E1 00 87 FB 2F 06 A7 74 A5 E3 74 50 18
.h...../..t..tP.
0x0030: 43 82 A6 13 00 00 05 00 00 03 10 00 00 00 B0 03
C...............
0x0040: 00 00 02 00 00 00 98 03 00 00 00 00 04 00 05 00
................
0x0050: 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
0x0060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
0x0070: 00 00 90 05 14 00 68 03 00 00 68 03 ......h...h.
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
=+
09/11-11:31:49.305111 0:2:E3:15:61:D9 -> 0:A0:CC:58:38:71 type:0x800
len:0x3C
192.168.0.104:135 -> 192.168.0.200:2785 TCP TTL:128 TOS:0x0 ID:44518
IpLen:20 DgmLen:40 DF
***A**** Seq: 0x74A5E374 Ack: 0xFB2F06ED Win: 0x4330 TcpLen: 20
0x0000: 00 A0 CC 58 38 71 00 02 E3 15 61 D9 08 00 45 00
...X8q....a...E.
0x0010: 00 28 AD E6 40 00 80 06 CA 68 C0 A8 00 68 C0 A8
.(..@....h...h..
0x0020: 00 C8 00 87 0A E1 74 A5 E3 74 FB 2F 06 ED 50 10
......t..t./..P.
0x0030: 43 30 84 84 00 00 FF FF FF FF FF FF C0..........
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
=+
09/11-11:31:49.305192 0:A0:CC:58:38:71 -> 0:2:E3:15:61:D9 type:0x800
len:0x3A0
192.168.0.200:2785 -> 192.168.0.104:135 TCP TTL:128 TOS:0x0 ID:48511
IpLen:20 DgmLen:914 DF
***AP*** Seq: 0xFB2F06ED Ack: 0x74A5E374 Win: 0x4382 TcpLen: 20
0x0000: 00 02 E3 15 61 D9 00 A0 CC 58 38 71 08 00 45 00
....a....X8q..E.
0x0010: 03 92 BD 7F 40 00 80 06 B7 65 C0 A8 00 C8 C0 A8
....@....e......
0x0020: 00 68 0A E1 00 87 FB 2F 06 ED 74 A5 E3 74 50 18
.h...../..t..tP.
0x0030: 43 82 E2 B8 00 00 00 00 4D 45 4F 57 04 00 00 00
C.......MEOW....
0x0040: A2 01 00 00 00 00 00 00 C0 00 00 00 00 00 00 46
...............F
0x0050: 38 03 00 00 00 00 00 00 C0 00 00 00 00 00 00 46
8..............F
0x0060: 00 00 00 00 38 03 00 00 30 03 00 00 00 00 00 00
....8...0.......
0x0070: 01 10 08 00 CC CC CC CC C8 00 00 00 00 00 00 00
................
0x0080: 30 03 00 00 D8 00 00 00 00 00 00 00 02 00 00 00
0...............
0x0090: 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
0x00A0: 00 00 00 00 18 01 8D 00 B8 01 8D 00 00 00 00 00
................
0x00B0: 07 00 00 00 B9 01 00 00 00 00 00 00 C0 00 00 00
................
0x00C0: 00 00 00 46 AB 01 00 00 00 00 00 00 C0 00 00 00
...F............
0x00D0: 00 00 00 46 A5 01 00 00 00 00 00 00 C0 00 00 00
...F............
0x00E0: 00 00 00 46 F6 01 00 00 00 00 00 00 C0 00 00 00
...F............
0x00F0: 00 00 00 46 FF 01 00 00 00 00 00 00 C0 00 00 00
...F............
0x0100: 00 00 00 46 AD 01 00 00 00 00 00 00 C0 00 00 00
...F............
0x0110: 00 00 00 46 AA 01 00 00 00 00 00 00 C0 00 00 00
...F............
0x0120: 00 00 00 46 07 00 00 00 60 00 00 00 58 00 00 00
...F....`...X...
0x0130: 90 00 00 00 58 00 00 00 20 00 00 00 68 00 00 00 ....X...
...h...
0x0140: 30 00 00 00 C0 00 00 00 01 10 08 00 CC CC CC CC
0...............
0x0150: 50 00 00 00 00 00 00 00 FF FF FF FF 00 00 00 00
P...............
0x0160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
0x0170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
0x0180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
0x0190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
0x01A0: 00 00 00 00 00 00 00 00 01 10 08 00 CC CC CC CC
................
0x01B0: 48 00 00 00 00 00 00 00 00 5D 88 9A EB 1C C9 11
H........]......
0x01C0: 9F E8 08 00 2B 10 48 60 10 00 00 00 00 00 00 00
....+.H`........
0x01D0: 00 00 00 00 01 00 00 00 00 00 00 00 B8 47 0A 00
.............G..
0x01E0: 58 00 00 00 05 00 06 00 01 00 00 00 00 00 00 00
X...............
0x01F0: 00 00 00 00 C0 00 00 00 00 00 00 46 CC CC CC CC
...........F....
0x0200: 01 10 08 00 CC CC CC CC 80 00 00 00 00 00 00 00
................
0x0210: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
0x0220: 20 BA 09 00 00 00 00 00 60 00 00 00 60 00 00 00
.......`...`...
0x0230: 4D 45 4F 57 04 00 00 00 C0 01 00 00 00 00 00 00
MEOW............
0x0240: C0 00 00 00 00 00 00 46 3B 03 00 00 00 00 00 00
.......F;.......
0x0250: C0 00 00 00 00 00 00 46 00 00 00 00 30 00 00 00
.......F....0...
0x0260: 01 00 01 00 67 3C 70 94 13 33 FD 46 87 24 4D 09
....g<p..3.F.$M.
0x0270: 39 88 93 9D 02 00 00 00 00 00 00 00 00 00 00 00
9...............
0x0280: 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00
................
0x0290: 01 10 08 00 CC CC CC CC 48 00 00 00 00 00 00 00
........H.......
0x02A0: 00 00 00 00 B0 7E 09 00 00 00 00 00 00 00 00 00
.....~..........
0x02B0: F0 89 0A 00 00 00 00 00 00 00 00 00 0D 00 00 00
................
0x02C0: 00 00 00 00 0D 00 00 00 73 00 61 00 6A 00 69 00
........s.a.j.i.
0x02D0: 61 00 64 00 65 00 76 00 5F 00 78 00 38 00 36 00
a.d.e.v._.x.8.6.
0x02E0: 00 00 08 00 CC CC CC CC 01 10 08 00 CC CC CC CC
................
0x02F0: 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
0x0300: 00 00 00 00 00 00 00 00 01 10 08 00 CC CC CC CC
................
0x0310: 58 00 00 00 00 00 00 00 C0 5E 0A 00 00 00 00 00
X........^......
0x0320: 00 00 00 00 00 00 00 00 1B 00 00 00 00 00 00 00
................
0x0330: 1B 00 00 00 5C 00 5C 00 00 00 5C 00 6A 00 69 00
....\.\...\.j.i.
0x0340: 61 00 64 00 65 00 76 00 5F 00 78 00 00 00 36 00
a.d.e.v._.x...6.
0x0350: 5C 00 70 00 75 00 62 00 6C 00 69 00 63 00 5C 00
\.p.u.b.l.i.c.\.
0x0360: 41 00 41 00 41 00 41 00 00 00 00 00 01 00 15 00
A.A.A.A.........
0x0370: 01 10 08 00 CC CC CC CC 20 00 00 00 00 00 00 00 ........
.......
0x0380: 00 00 00 00 90 5B 09 00 02 00 00 00 01 00 6C 00
.....[........l.
0x0390: C0 DF 08 00 01 00 00 00 07 00 55 00 00 00 00 00
..........U.....
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
=+
09/11-11:31:49.306636 0:2:E3:15:61:D9 -> 0:A0:CC:58:38:71 type:0x800
len:0x5E
192.168.0.104:135 -> 192.168.0.200:2785 TCP TTL:128 TOS:0x0 ID:44519
IpLen:20 DgmLen:80 DF
***AP*** Seq: 0x74A5E374 Ack: 0xFB2F0A57 Win: 0x3FC6 TcpLen: 20
0x0000: 00 A0 CC 58 38 71 00 02 E3 15 61 D9 08 00 45 00
...X8q....a...E.
0x0010: 00 50 AD E7 40 00 80 06 CA 3F C0 A8 00 68 C0 A8
.P..@....?...h..
0x0020: 00 C8 00 87 0A E1 74 A5 E3 74 FB 2F 0A 57 50 18
......t..t./.WP.
0x0030: 3F C6 26 D1 00 00 05 00 02 03 10 00 00 00 28 00
?.&...........(.
0x0040: 00 00 02 00 00 00 10 00 00 00 00 00 00 00 00 00
................
0x0050: 00 00 00 00 00 00 00 00 00 00 04 00 08 80 ..............
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
=+
09/11-11:31:49.428071 0:A0:CC:58:38:71 -> 0:2:E3:15:61:D9 type:0x800
len:0x36
192.168.0.200:2785 -> 192.168.0.104:135 TCP TTL:128 TOS:0x0 ID:48512
IpLen:20 DgmLen:40 DF
***A**** Seq: 0xFB2F0A57 Ack: 0x74A5E39C Win: 0x435A TcpLen: 20
0x0000: 00 02 E3 15 61 D9 00 A0 CC 58 38 71 08 00 45 00
....a....X8q..E.
0x0010: 00 28 BD 80 40 00 80 06 BA CE C0 A8 00 C8 C0 A8
.(..@...........
0x0020: 00 68 0A E1 00 87 FB 2F 0A 57 74 A5 E3 9C 50 10
.h...../.Wt...P.
0x0030: 43 5A 80 C8 00 00 CZ....
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
=+
09/11-11:31:50.332959 0:A0:CC:58:38:71 -> 0:2:E3:15:61:D9 type:0x800
len:0x36
192.168.0.200:2785 -> 192.168.0.104:135 TCP TTL:128 TOS:0x0 ID:48513
IpLen:20 DgmLen:40 DF
***A***F Seq: 0xFB2F0A57 Ack: 0x74A5E39C Win: 0x435A TcpLen: 20
0x0000: 00 02 E3 15 61 D9 00 A0 CC 58 38 71 08 00 45 00
....a....X8q..E.
0x0010: 00 28 BD 81 40 00 80 06 BA CD C0 A8 00 C8 C0 A8
.(..@...........
0x0020: 00 68 0A E1 00 87 FB 2F 0A 57 74 A5 E3 9C 50 11
.h...../.Wt...P.
0x0030: 43 5A 80 C7 00 00 CZ....
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
=+
09/11-11:31:50.333326 0:2:E3:15:61:D9 -> 0:A0:CC:58:38:71 type:0x800
len:0x3C
192.168.0.104:135 -> 192.168.0.200:2785 TCP TTL:128 TOS:0x0 ID:44520
IpLen:20 DgmLen:40 DF
***A**** Seq: 0x74A5E39C Ack: 0xFB2F0A58 Win: 0x3FC6 TcpLen: 20
0x0000: 00 A0 CC 58 38 71 00 02 E3 15 61 D9 08 00 45 00
...X8q....a...E.
0x0010: 00 28 AD E8 40 00 80 06 CA 66 C0 A8 00 68 C0 A8
.(..@....f...h..
0x0020: 00 C8 00 87 0A E1 74 A5 E3 9C FB 2F 0A 58 50 10
......t..../.XP.
0x0030: 3F C6 84 5B 00 00 FF FF FF FF FF FF ?..[........
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
=+
09/11-11:31:50.333464 0:2:E3:15:61:D9 -> 0:A0:CC:58:38:71 type:0x800
len:0x3C
192.168.0.104:135 -> 192.168.0.200:2785 TCP TTL:128 TOS:0x0 ID:44521
IpLen:20 DgmLen:40 DF
***A***F Seq: 0x74A5E39C Ack: 0xFB2F0A58 Win: 0x3FC6 TcpLen: 20
0x0000: 00 A0 CC 58 38 71 00 02 E3 15 61 D9 08 00 45 00
...X8q....a...E.
0x0010: 00 28 AD E9 40 00 80 06 CA 65 C0 A8 00 68 C0 A8
.(..@....e...h..
0x0020: 00 C8 00 87 0A E1 74 A5 E3 9C FB 2F 0A 58 50 11
......t..../.XP.
0x0030: 3F C6 84 5A 00 00 FF FF FF FF FF FF ?..Z........
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
=+
09/11-11:31:50.333482 0:A0:CC:58:38:71 -> 0:2:E3:15:61:D9 type:0x800
len:0x36
192.168.0.200:2785 -> 192.168.0.104:135 TCP TTL:128 TOS:0x0 ID:48514
IpLen:20 DgmLen:40 DF
***A**** Seq: 0xFB2F0A58 Ack: 0x74A5E39D Win: 0x435A TcpLen: 20
0x0000: 00 02 E3 15 61 D9 00 A0 CC 58 38 71 08 00 45 00
....a....X8q..E.
0x0010: 00 28 BD 82 40 00 80 06 BA CC C0 A8 00 C8 C0 A8
.(..@...........
0x0020: 00 68 0A E1 00 87 FB 2F 0A 58 74 A5 E3 9D 50 10
.h...../.Xt...P.
0x0030: 43 5A 80 C6 00 00 CZ....
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
=+
Regards,
Eric Hines
CEO, Chairman
===============================================
Eric Hines
CEO, Chairman
Applied Watch Technologies, Inc.
eric.hines@...liedwatch.com
-----------------------------------------------
Corporate Headquarters
1650 Carlemont Dr.
Suite D
Crystal Lake, IL. 60014
-----------------------------------------------
Direct Toll Free: (877) 262-7593 (x327)
Fax: (815) 425-2173
-----------------------------------------------
Main Switchboard: (877) 262-7593 (9am-5pm CST)
Commercial Sales: (877) 262-7593 (opt1)
Government Sales: (877) 262-7593 (opt2)
===============================================
-----Original Message-----
From: Alexander Antipov [ <mailto:antipov@...o.ru>
mailto:antipov@...o.ru]
Sent: Thursday, September 11, 2003 3:21 AM
To: 'full-disclosure@...ts.netsys.com'
Subject: [Full-Disclosure] PTms03039.zip
Hi!
PTms03039.zip is an utility for checking Windows machine, which is
vulnerable to the RPC DCOM #2 (MS03-039). Tool can be downloaded here
<http://www.securitylab.ru/?ID=40170>
http://www.securitylab.ru/?ID=40170 (in Russian!)
---------------------------
Positive Technologies ( <http://www.ptsecurity.com>
http://www.ptsecurity.com) is information security company. We are
especially focused on protection of corporate networks from external
attacks.
--------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030911/422fca61/attachment.html
Powered by blists - more mailing lists