dcom exploit code observations

[john <seclist () wiresec net>]

Downloaded the revised exploit code by HD moore and got it compiled on a
linux box.

There seems to either be some flaws in the exploit code or just a
general instability of the rpc service.

If the code is run against a vulnerable box and the right SP level
setting is not correct it crashes the rpc service and shuts down the
port. Restarting the service will bring it back online. If the attack is
successful you get a nice pretty windows shell. If you exit the shell
the rpc service again crashes.

I am sure the code will be revised to eliminate these problems.

John

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html