Full Disclosure mailing list archives
No subject
From: "Pocjfr" <Pocjfr () yandex ru>
Date: Mon, 13 Oct 2003 20:13:10 +0400 (MSD)
Hi!

I have a remote bindshell exploit for any Windows system with the MS03-39 patch installed, but I can't publish it now. This code http://www.securitylab.ru/40757.html works only against Win2k Server sp3/sp4, WinXP sp1, Windows 2003, and doesn't work (the code needs some changes) against Windows 2003 sp1beta, WinXP without SP and w2k sp0-sp2.

----- Original Message -----
From: <webheadport80 () netscape net>
To: <full-disclosure () lists netsys com>
Sent: Monday, October 13, 2003 6:29 PM
Subject: Re: [Full-disclosure] RE: Re: Bad news on RPC DCOM vulnerability

I've tried it on a couple of ms03-039 patched w2k boxes and it didn't DoS the RPC service like it did on my w2k-unpatched box. Are you saying that you've gotten it to kill the RPC service on a ms03-039 patched machine (particularly, w2k)? During my ms03-039 w2k tests, the exploit runs for several seconds then stops with a status of ~5000 but it doesn't kill the RPC.

The reason I'd like confirmation is that my Microsoft corp contact told me that Microsoft, back in Redmond, said this exploit doesn't work on ms03-039... I'd like to confirm/deny this claim. Especially since they haven't updated their sec bulletin on ms03-039 for this vulnerability.

Any feedback from folks who have successfully gotten this exploit to work on a PATCHED ms03-039 w2k box would be GREATLY APPRECIATED!!!

Thanks,
WebHead

======================================================

This code doesn't work without shellcode. The simple version of a "battle" shellcode can be found here: http://www.SecurityLab.ru/_exploits/bshell2 (add user 'a' with pass 'a' in administrator group). You can change this shellcode as you need. On a system with MS03-39 installed, this code only crashes systems, because the nature of the new vulnerability is not known. See more: http://www.securitylab.ru/40757.html

----- Original Message -----
From: Mike Gordon
To: full-disclosure () lists netsys com
Sent: Monday, October 13, 2003 1:41 AM
Subject: [Full-disclosure] RE: Re: Bad news on RPC DCOM vulnerability

A compiled version is found at http://www.SecurityLab.ru/_exploits/rpc3.zip
But it seems to only crash systems. Does anyone have a clean compile of the "better code" from http://www.cyberphreak.ch/sploitz/MS03-039.txt

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html