lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <000401c38fde$b62510e0$7d01a8c0@phreaklaptop>
From: fkeller at absolute.tv (Florian Keller)
Subject: AW: Bad news on RPC DCOM2 vulnerability

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Use this code: http://www.cyberphreak.ch/sploitz/MS03-039.txt
 
This works fine 4 me
 ;).
 
Greets Flo
 
- - -----Urspr?ngliche Nachricht-----
Von: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-admin@...ts.netsys.com] Im Auftrag von Peter King
Gesendet: Samstag, 11. Oktober 2003 10:29
An: full-disclosure@...ts.netsys.com
Betreff: Re: [Full-Disclosure] Bad news on RPC DCOM2 vulnerability
 
why those *security* sites keep *exploits* online even when they know that this is an unpatched vuln !!!!
 
personnaly i'd like to test this exploit on my systems, but can't compile it 
http://www.k-otik.com/exploits/10.09.rpc2universal.c.php
 
can anyone post the .exe please, to test our machines ...
 
Cheers.

petard <petard@....lonestar.org> wrote:
On Fri, Oct 10, 2003 at 07:05:46PM -0500, Bobby Brown wrote:
> So I can "assume" no other information is posted, other than this site, to collaborate the RPC issue is not resolved or should we all try to translate this site using the helpful hints, which they are?
> 
> 
k-otik posted some similar if not identical code, corroborating (to a point anyway) its
effectiveness. (It most likely worked for one of them if they posted it.)

I suggest taking the linked code, compiling it (use MSVC7) and testing it to confirm
for yourself. Please test on a machine that's not connected to the internet, though :-)

HTH,

petard
  _____  

Do you Yahoo!?
The New Yahoo! Shopping - with improved product search

- -----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQA/AwUBP4fUq8cVx+1s2h/BEQIe+gCfbIBU0EG/Oj7Uu17XtcrZvthy0UkAoIKf
8LFGmJWP0pBBKP2TPqOKjHvy
=1RpU
- -----END PGP SIGNATURE-----

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQA/AwUBP4fVEscVx+1s2h/BEQJ+pQCfYw73WRH1A6KD15vhX8Z5U9vyNhoAnjoH
5iV29moO+mDDCNymwguVRjZS
=ZZtA
-----END PGP SIGNATURE-----
 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGPexch.rtf.pgp
Type: application/octet-stream
Size: 3681 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20031011/5b078046/PGPexch.rtf.obj

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ