Full Disclosure mailing list archives
RE: DCOM RPC exploit (dcom.c)
From: "Tom H" <tom () scriptsupport co uk>
Date: Wed, 30 Jul 2003 06:48:36 +0100
I used nmap to scan a random /16 for systems with port 135 open, I fed the results of systems with that port open into enum (enum -S $ip) and grepped for a "SharedDocs" share, which indicates XP box. Then I ran the win32 binary I compiled from from the c code posted to this list against that list of ips. I assumed that most XP boxes would be SP1. I got 6 command prompts. I then ran the same binary looking for Xp with Sp0. I got 156 command prompts. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: DCOM RPC exploit (dcom.c), (continued)
- Re: DCOM RPC exploit (dcom.c) Robert Banniza (Jul 29)
- Re: DCOM RPC exploit (dcom.c) Preston Newton (Jul 30)
- RE: DCOM RPC exploit (dcom.c) Ron DuFresne (Jul 29)
- Re: DCOM RPC exploit (dcom.c) Robert Banniza (Jul 29)
- RE: DCOM RPC exploit (dcom.c) Schmehl, Paul L (Jul 29)
- Re: DCOM RPC exploit (dcom.c) Kain (Jul 29)
- RE: DCOM RPC exploit (dcom.c) Myers, Marvin (Jul 29)
- RE: DCOM RPC exploit (dcom.c) Schmehl, Paul L (Jul 29)
- SV: DCOM RPC exploit (dcom.c) Peter Kruse (Jul 29)
- Re: DCOM RPC exploit (dcom.c) Knud Erik Højgaard (Jul 29)
- RE: DCOM RPC exploit (dcom.c) Andy Wood (Jul 29)
- RE: DCOM RPC exploit (dcom.c) Tom H (Jul 29)
- DCOM RPC - DEVESTATING IN SCOPE morning_wood (Jul 30)
- RE: DCOM RPC exploit (dcom.c) Mortis (Jul 30)
- SV: DCOM RPC exploit (dcom.c) Peter Kruse (Jul 29)