Full Disclosure mailing list archives

Re: dcom exploit code observations

From: Shanphen Dawa <list () hardlined com>
Date: Mon, 28 Jul 2003 18:06:20 -0500

I would also like to know, since I though the remote computer would experience some sort of DoS instead of exploitation 
if the wrong return address was used.

On Mon, 28 Jul 2003 22:20:20 +0200
Knud Erik Højgaard <kain () ircop dk> wrote:

morning_wood wrote:
[snip]

THIS IS NOT THE CASE...
this .bat works perfect...


So somehow running the exploit from a .bat file with some shameless
selfpromotion makes svchost _not_ crash upon hitting a wrong return address?

Would you care to elaborate on how you pull that off?

--
kokanin

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



-- 
/*
"To avoid all evil, to cultivate good, 
and to cleanse one's mind  
this is the teaching of the Buddhas."

Martin Ekendahl
http://www.hardlined.com
martin () hardlined com
*/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

dcom exploit code observations john (Jul 28)
- Re: dcom exploit code observations Preston Newton (Jul 28)
- Re: dcom exploit code observations morning_wood (Jul 28)
  - Re: dcom exploit code observations Knud Erik Højgaard (Jul 28)
    - Re: dcom exploit code observations Shanphen Dawa (Jul 28)