Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: dcom exploit code observations

From: Preston Newton <preston.newton () equipnetworks com>
Date: 28 Jul 2003 10:37:28 -0500
More observations:
After exploiting a windows 2000 SP3 system the "PASTE" function is not
working anymore.  The "COPY" and "CUT" functions appear to work but
paste is grayed out, and even CTRL+V doesn't work.  Also you can't move
files or folders around within the Explorer shell window.  Is this
happening on other exploited systems?  Just and observation....

Preston

On Mon, 2003-07-28 at 09:42, john wrote:

Downloaded the revised exploit code by HD moore and got it compiled on a
linux box.

There seems to either be some flaws in the exploit code or just a
general instability of the rpc service.

If the code is run against a vulnerable box and the right SP level
setting is not correct it crashes the rpc service and shuts down the
port. Restarting the service will bring it back online. If the attack is
successful you get a nice pretty windows shell. If you exit the shell
the rpc service again crashes.

I am sure the code will be revised to eliminate these problems.

John

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: