[<prev] [next>] [day] [month] [year] [list]
Message-ID: <2A087C64E426484C8F36B69FF2B7176D0401C22E@MBXSRV01.stf.nus.edu.sg>
From: ccexies at nus.edu.sg (Xie Chun Yan, Sherman)
Subject: RE: whoch DCOM exploit code are they speaking about here?
Just to clarify a bit, to my knowledge this screen shot is taken from an
exploit for MS03-026 . It's not for MS03-039. It was an internal version
developed by a security company in China. Correct me if I am wrong.
This http://www.k-otik.com/exploits/09.16.MS03-039-exp.c.php is by eyas
(he is a member of xfocus.org, same as flashsky). It's the first public
exploit for MS03-039 I've seen.
If you've seen references to other exploits, care to share?
Regards,
Sherman
-----Original Message-----
The exploit at http://www.k-otik.com/exploits/09.16.MS03-039-exp.c.php
is rather limited. It only creates a local administrator account named
"e" with a password of "asd#321". But, it only works against Windows
2000 (English) with SP3 or SP4, if it works at all.
==========================
I've seen references to other exploits out there, along with some source
and executables, including one that is much more capable. It allegedly
works against all SP and language versions of both Windows 2000 and XP.
It gives access to a command shell that has Local System rights, and
might easily be modified to work as part of a universal worm package.
Remember that Blaster and Welchia/Nachia both had to "guess" whether
they were attacking W2K or XP. This new exploit works either way.
Here's a link to a screen shot of it:
http://haiyangtop.533.net/1.jpg
==========================
Rather than a sleeping bag, a one-way ticket to a nice uninhabited
island sounds better.
Jerry
Powered by blists - more mailing lists