[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <000901c39133$cafec640$6600a8c0@Mike>
From: sigpizbguy at hotpop.com (Mike Gordon)
Subject: RE: Re: Bad news on RPC DCOM vulnerability
I had better luck compiling the cyberphreak version (have since managed to
compile several flavors), but it still only seems to DoS patched and
unpatched systems.
The code gets stuck in a loop and always produces error 10054. Any idea
what that means?
if(ft)
{
int i=0;
while(1) //this seems to be an endless loop, till a error
apears!!
{
if (send(sock,(const char *)buf2,len1,0)==SOCKET_ERROR)
{
printf("\nSend
failed.Error:%d\n",WSAGetLastError());
return 0;
}
else
{
printf("\rStatus: %d",++i);
}
//Sleep(1000);
}
}
-----Original Message-----
From: Paul Tinsley [mailto:pdt@...khammer.org]
Sent: Sunday, October 12, 2003 8:38 PM
To: mike@...haelgordon.com
Cc: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] RE: Re: Bad news on RPC DCOM vulnerability
Just out of curiosity could you specify why you consider the other one
"better code?" The only real differences between the two are that they
both "fix" the 'cs+=buf;' line differently which is kind of silly to
bother fixing in the first place, considering the function that line of
code sits on isn't even called so it should be commented out or deleted
to start with. The only other real difference is one decided to use an
int main and one uses void main. Well that and the SecurityLab copy
breaks part of main with the 'if(argc!=2){' check, as it is meant to
have two different modes of operation, one target or a class B.
Mike Gordon wrote:
> A compiled version is found at
> _http://www.SecurityLab.ru/_exploits/rpc3.zip_
> But it seems to only crash systems.
>
> Does any one have a clean complile of the "better code" from
> _http://www.cyberphreak.ch/sploitz/MS03-039.txt_
>
Powered by blists - more mailing lists