Open Source and information security mailing list archives
 
Message-ID: <41B1FD84D49E05448A4233378E6BF47501F4A827@entmsgnt03.fm.frd.fmlh.edu>
From: jheidtke at fmlh.edu (Jerry Heidtke)
Subject: EXPLOIT : RPC DCOM (MS03-039)

The exploit at http://www.k-otik.com/exploits/09.16.MS03-039-exp.c.php is rather limited. It only creates a local administrator account named "e" with a password of "asd#321". But, it only works against Windows 2000 (English) with SP3 or SP4, if it works at all.

I've seen references to other exploits out there, along with some source and executables, including one that is much more capable. It allegedly works against all SP and language versions of both Windows 2000 and XP. It gives access to a command shell that has Local System rights, and might easily be modified to work as part of a universal worm package. Remember that Blaster and Welchia/Nachia both had to "guess" whether they were attacking W2K or XP. This new exploit works either way.

Here's a link to a screen shot of it:

http://haiyangtop.533.net/1.jpg

Rather than a sleeping bag, a one-way ticket to a nice uninhabited island sounds better.

Jerry

-----Original Message-----
From: pdt@...khammer.org [mailto:pdt@...khammer.org]
Sent: Tuesday, September 16, 2003 8:05 PM
To: full-disclosure@...ts.netsys.com
Subject: RE: [Full-Disclosure] EXPLOIT : RPC DCOM (MS03-039)


Has anyone tested this exploit successfully?  I haven't been able to make
it work as of yet.  I tried the Target 0 type and have the exact DLL
versions referenced.  Just wondering if this is BS or there is some other
dependency on my test systems that isn't quite lining up.


Regardless I think I am going to throw a sleeping bag in the back of the
car on the way to work tomorrow, I think there are some long days coming
up soon.


>RPC DCOM long filename heap overflow Exploit (MS03-039)
>
>http://www.k-otik.com/exploits/09.16.MS03-039-exp.c.php
>
>blaster.b soon ?



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Confidentiality Notice: This e-mail message, including any attachments,
is for the sole use of the intended recipient(s) and may contain
confidential and privileged information.  Any unauthorized review, use,
disclosure or distribution is prohibited.  If you are not the intended
recipient, please contact the sender by reply e-mail and destroy all
copies of the original message.

