Full Disclosure mailing list archives
Re:DCOM RPC exploit failed
From: "Thiago Campos" <th.campos () bol com br>
Date: Sun, 27 Jul 2003 19:20:21 -0300
Hi With the Portuguese version of Windows XP using the offset from Windows XP SP1 english something different occurs. A window with a 30 seconds countdown and these senteces appears: "You are not a valid administrator. Your computer will be powered off" pretty disturbing. Finding the right offset will lead this exploit to be a new DoS tool with pratically no changes. - Thiago Campos
Just 4 info: I compiled dcom.c on linux and tried it against a Windows 2000 SP4, german version. The exploit failed (maybe I need some offset
adjustments for the
german version of Win2k) but after that I noticed some
malfunctions:
- The windows explorer was not able to perform drag'n
drop any more.
When I tried to drag a file somewehere nothing
happened.
- The media player failed. The window came up and
closed itself after
a few seconds. ... don't know what else failed... So even when then exploit failed it may seriously
disturb the windows
functionality. A massive scan for vulnerable windows
systems on the
net may become the character of an DoS attack even
without any
successful exploit. Ciao Marcus -- Windows is not the answer. Windows is the question and the answer is no. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-
charter.html
__________________________________________________________________________ Acabe com aquelas janelinhas que pulam na sua tela. AntiPop-up UOL - É grátis! http://antipopup.uol.com.br/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- DCOM RPC exploit failed Marcus Graf (Jul 27)
- Re: DCOM RPC exploit failed Knud Erik Højgaard (Jul 27)
- <Possible follow-ups>
- Re:DCOM RPC exploit failed Thiago Campos (Jul 27)
- Re: DCOM RPC exploit failed Christopher Kunz (Jul 28)
- RE: DCOM RPC exploit failed Richard Stevens (Jul 28)
- Re: DCOM RPC exploit failed devnull (Jul 28)
- RE: DCOM RPC exploit failed Ben Tyson-Norrman (Jul 28)
- DCOM RPC exploit failed test test (Jul 28)