[<prev] [next>] [day] [month] [year] [list]
Message-ID: <4273F282.5060203@class101.org>
Date: Sat Apr 30 22:03:56 2005
From: ad at class101.org (class)
Subject: Microsoft WINS Vulnerability + OS/SP Scanner
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
While replicating, it's possible to guess the OS and SP, in addition
you have the heap base address.
Conclusion: all needed for a skilled hacker to intrude a vulnerable
computer, however a script kiddie wont be able to do something because
each wrong hacking attempts may corrupt the WINS database and so on ,
move where this is needed to overwrite. This is where the skilled
hacker will use the heap base address retrieved while scanning to
start a bruteforce attack , nor at best, to analyze how is moving the
heap :)
For example, the exploit that I have published (v0.3) is doing a small
part of 2k with the corresponding heap base , but you will have to
update it to catch some other heap positions.
I attach the win32 binary, follow class101.org and hat-squad.com if
you are seeking for the source or FreeBSD version, I think I will
share them soon.
- -v....: lite verbose
- -vv..: ultra verbose
threads: 0-4999
else all go in HS_WINS.txt
Screenshot:
IP.............: ***:42
STATUS.........: wins enabled
VULNERABILITY..: NOT_PATCHED
OS.............: Windows 2000 SP3
IP.............: ***:42
STATUS.........: wins enabled
VULNERABILITY..: patched
OS.............: Windows 2000 SP4
IP.............: ***:42
STATUS.........: wins enabled
VULNERABILITY..: patched
OS.............: Windows 2000 SP4
IP.............: ***:42
STATUS.........: not wins, wrong datas
IP.............: ***:42
STATUS.........: wins enabled
VULNERABILITY..: patched
OS.............: Windows 2003 SP0
IP.............: ***:42
STATUS.........: wins enabled
VULNERABILITY..: NOT_PATCHED
OS.............: Windows 2003 SP0
IP.............: ***:42
STATUS.........: nothing received, not wins or vulnerable service freezing
etc,etc
download: http://class101.org/HS_WINS.exe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
iD8DBQFCc/J9LyZ8K9aT7rARAu0yAKC68ZxNKTuqwJNLQCNy31425aqLXACfYhvo
gSJT9elxPzyKOpI+CErbWlM=
=dkCW
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists