Re: [PEN-TEST] RDS exploit simulation

[Johan Persson <johan () DEFCOM-SEC COM>]

this is what you need:

NT4.0 sp3 (with iis4.0)
optionpack 4
iexploder4.01 (any higher version will fix the msadc bug)

/johan

----- Original Message -----
From: "Oliver Petruzel" <oliverpetruzel () EMAIL COM>
To: <PEN-TEST () SECURITYFOCUS COM>
Sent: Monday, September 18, 2000 5:14 PM
Subject: [PEN-TEST] RDS exploit simulation


> my dearest pentesting compadres,
>
> ok, im at a loss to determine why this isn't working right now, so i
> will throw this out:  Can somone..anyone! please list the exact
> specifications for as simulation test of Rain Forrest's RDS exploit?
> Starting with a naked system, what EXACTLY needs to be installed to get
> a vulnerable MDAC and RDS services?  All my previous attempts have
> yielded safe systems. (uhg..and yes, I answered "yes" when it asked me
> if I wanted RDS "on"...)
>
> I have tried every IIS version/service pack installs/etc and still come
> up with a non-vulnerable system.  I have used this so many times in the
> wild, it's hard to imagine what I'm doing wrong.
>
> I need it for demonstration purposes (among 15 other demo'd exploits im
> doing for the powers that be), and although the script is neato to watch
> chugging away, it's all for nothing when it comes up dry!
>
> Also, can anyone recommend a good pre-existing IMAP or POP vuln script
> and simulation config?
>
> thanks
> ./Oliver_Petruzel
>
>
> -----------------------------------------------
> FREE! The World's Best Email Address @email.com
> Reserve your name now at http://www.email.com