Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

RE: [inbox] Re: MS RPC remote exploit.

From: "Curt Purdy" <purdy () tecman com>
Date: Thu, 9 Oct 2003 13:46:21 -0500


--- Sudharsha Wijesinghe <sudharsha () digitalhouse lk>
wrote:

According to MS there cant be any Remote exploit on
MS RPC except for a
DOS attack using 139/135/445.
How ever the code is available for a shell code.
has any one tried this exploit?


no remote exploit ?

http://www.k-otik.com/exploits/10.09.rpc2universal.c.php
http://www.k-otik.com/exploits/09.20.rpcdcom2ver1.1.c.php
http://lists.netsys.com/pipermail/full-disclosure/2003-Septemb

er/009848.html

What about dcom.exe that hit the streets before MS even released the first
032 patch. With it, you could own a box in 2 minutes.  I can only imagine
how many thousands of bots were deployed before blaster hit, as the kiddies
were hitting their keyboards just as fast as their little fingers could
type.

Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions

----------------------------------------

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- White House cybersecurity adviser Richard Clarke

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: